@layerzerolabs/protocol-stellar-v2 0.2.33 → 0.2.34

package/contracts/sac-manager/src/extensions/supply_control/rate_limit.rs

@@ -1,126 +0,0 @@
-//! Rate limiting types and logic for supply control.
-//!
-//! Pure rate-limit primitives: configuration, runtime state, and the token-bucket
-//! refill algorithm. No storage or authorization concerns — those live in the
-//! parent `supply_control` module.
-
-use super::SupplyControlError;
-use soroban_sdk::contracttype;
-
-/// A `refill_per_second` value of 0 means rate limit checking is skipped (unlimited minting).
-pub(super) const SKIP_RATE_LIMIT_CHECK: i128 = 0;
-
-// =========================================================================
-// Types
-// =========================================================================
-
-/// Limit configuration for rate limiting.
-#[contracttype]
-#[derive(Clone, Debug, Eq, PartialEq)]
-pub struct LimitConfig {
-    /// Max amount for the rate limit
-    pub limit_capacity: i128,
-    /// Amount to add to limit each second up to the limitCapacity.
-    /// A value of 0 means rate limiting is disabled (unlimited minting allowed).
-    pub refill_per_second: i128,
-}
-
-/// Rate limit state (the runtime state that persists across config updates).
-#[contracttype]
-#[derive(Clone, Debug, Eq, PartialEq)]
-pub struct RateLimitState {
-    /// Remaining amount for the time period
-    pub remaining_amount: i128,
-    /// Timestamp of last refill
-    pub last_refill_time: u64,
-}
-
-// =========================================================================
-// Helper Functions
-// =========================================================================
-
-/// Refills and returns the remaining amount based on elapsed time.
-/// Returns `Err(SupplyControlError::OldTimestamp)` if `timestamp` is older than `last_refill_time`.
-/// On arithmetic overflow, returns `limit_capacity` (aligned with EVM RateLimiter).
-pub(super) fn refill(
-    limit_config: &LimitConfig,
-    state: &RateLimitState,
-    timestamp: u64,
-) -> Result<i128, SupplyControlError> {
-    if timestamp < state.last_refill_time {
-        return Err(SupplyControlError::OldTimestamp);
-    }
-
-    let seconds_elapsed = timestamp - state.last_refill_time;
-    let new_tokens = (seconds_elapsed as i128).checked_mul(limit_config.refill_per_second);
-    let amount = new_tokens.and_then(|t| state.remaining_amount.checked_add(t));
-
-    Ok(match amount {
-        Some(amount) => amount.min(limit_config.limit_capacity),
-        None => limit_config.limit_capacity,
-    })
-}
-
-/// Gets remaining amount that can be sent in the window.
-/// A `refill_per_second` of 0 is a special value indicating rate limit checking is skipped.
-pub(super) fn get_remaining_amount(
-    limit_config: &LimitConfig,
-    state: &RateLimitState,
-    timestamp: u64,
-) -> Result<i128, SupplyControlError> {
-    if limit_config.refill_per_second == SKIP_RATE_LIMIT_CHECK {
-        return Ok(i128::MAX);
-    }
-    refill(limit_config, state, timestamp)
-}
-
-/// Attempts to consume `amount` from the rate limit budget.
-///
-/// 1. Skips if rate limiting is disabled (`refill_per_second == 0`).
-/// 2. Refills the bucket based on elapsed time.
-/// 3. Checks if `amount` fits within the remaining capacity.
-/// 4. Deducts `amount` and updates the state in place.
-///
-/// Returns `Err(RateLimitExceeded)` if the amount exceeds remaining capacity.
-/// Returns `Err(OldTimestamp)` if `timestamp` is older than `last_refill_time`.
-pub(super) fn try_consume(
-    limit_config: &LimitConfig,
-    state: &mut RateLimitState,
-    timestamp: u64,
-    amount: i128,
-) -> Result<(), SupplyControlError> {
-    if limit_config.refill_per_second == SKIP_RATE_LIMIT_CHECK {
-        return Ok(());
-    }
-    if amount < 0 {
-        return Err(SupplyControlError::InvalidAmount);
-    }
-
-    state.remaining_amount = refill(limit_config, state, timestamp)?;
-    state.last_refill_time = timestamp;
-
-    if amount > state.remaining_amount {
-        return Err(SupplyControlError::RateLimitExceeded);
-    }
-
-    state.remaining_amount -= amount;
-    Ok(())
-}
-
-// ============================================================================
-// Test-only Functions
-// ============================================================================
-
-#[cfg(test)]
-pub(crate) mod test {
-    use super::*;
-
-    /// Test-only wrapper for refill to enable testing.
-    pub fn refill_for_test(
-        limit_config: &LimitConfig,
-        state: &RateLimitState,
-        timestamp: u64,
-    ) -> Result<i128, SupplyControlError> {
-        refill(limit_config, state, timestamp)
-    }
-}

package/contracts/sac-manager/src/interfaces/mod.rs

@@ -1,3 +0,0 @@
-mod sac_manager;
-
-pub use sac_manager::*;

package/contracts/sac-manager/src/interfaces/sac_manager.rs

@@ -1,52 +0,0 @@
-//! SAC Manager interface - ISacManager trait.
-//!
-//! Defines the admin-only methods where the SAC manager adds value beyond the raw SAC.
-//! Mint/burn for the OFT are provided via the MintBurnable trait.
-//! Pure pass-through queries (balance, decimals, name, symbol, etc.)
-//! should be called directly on the underlying SAC.
-
-use common_macros::contract_trait;
-use soroban_sdk::{Address, Env};
-
-// =========================================================================
-// ISacManager Interface
-// =========================================================================
-
-/// SAC Manager Interface.
-///
-/// Admin-only operations are authorized via the contract owner (Ownable).
-/// OFT mint/burn operations are handled by the MintBurnable trait separately.
-#[contract_trait(client_name = "ISacManagerClient")]
-pub trait ISacManager {
-    // =========================================================================
-    // Admin Operations
-    // =========================================================================
-
-    /// Mints `amount` to `to`. Subject to supply control when enabled.
-    /// When supply control is off, only the owner can call.
-    fn authorized_mint(env: &Env, sender: &Address, to: &Address, amount: i128);
-
-    /// Clawback `amount` from `from` account. Subject to supply control when enabled.
-    /// When supply control is off, only the owner or OFT can call.
-    fn clawback(env: &Env, sender: &Address, from: &Address, amount: i128);
-
-    /// Releases the SAC admin role. Owner-only.
-    fn release_sac_admin(env: &Env, to: &Address);
-
-    /// Sets whether the account is authorized to use its balance. Admin-only.
-    fn set_authorized(env: &Env, id: &Address, authorize: bool);
-
-    /// Sets the OFT contract address authorized to call mint/burn.
-    /// Must be called after construction since OFT and sac-manager are circular dependencies.
-    fn set_oft_address(env: &Env, new_oft: &Address);
-
-    // =========================================================================
-    // View Functions
-    // =========================================================================
-
-    /// Returns the underlying SAC (Stellar Asset Contract) address managed by this contract.
-    fn underlying_sac(env: &Env) -> Address;
-
-    /// Returns the OFT contract address authorized to call mint/burn.
-    fn oft_address(env: &Env) -> Address;
-}

package/contracts/sac-manager/src/sac_manager.rs

@@ -1,193 +0,0 @@
-//! SAC Manager Contract - Manages a Stellar Asset Contract (SAC) as its admin.
-//!
-//! This contract becomes the admin of a SAC and provides:
-//! - MintBurnable interface for OFT (mint/burn with supply control)
-//! - Admin operations (admin_mint, clawback, set_admin, set_authorized)
-//! - Redistribution feature (transfer to blacklisted → redirect to configurable target)
-//! - Supply control feature (rate limiting on mint)
-//! - Upgradeable (owner-authorized)
-//!
-//! ## Authorization Model
-//!
-//! - **Owner** (via Ownable): The admin address. Can do everything (upgrades, TTL, admin ops).
-//! - **OFT address**: Stored separately. Can only call mint/burn (MintBurnable interface).
-//! - **Redistribution target**: Always the current owner address.
-
-use crate::{
-    errors::SacManagerError,
-    extensions::{
-        redistribution::{Redistribution, RedistributionInternal},
-        supply_control::{LimitConfig, SupplyControl, SupplyControlInternal, SupplyControllerConfig},
-    },
-    interfaces::ISacManager,
-    storage::SacManagerStorage,
-};
-use common_macros::{contract_impl, lz_contract, only_auth};
-use oft::MintBurnable;
-use soroban_sdk::{assert_with_error, token::StellarAssetClient, Address, Env, Vec};
-use utils::{option_ext::OptionExt, ownable::OwnableInitializer};
-
-// =========================================================================
-// SAC Manager Contract
-// =========================================================================
-
-/// SAC Manager Contract
-///
-/// Manages a SAC as its admin, forwarding token actions to
-/// the underlying SAC while enforcing access control and feature policies.
-#[lz_contract(upgradeable(no_migration))]
-pub struct SacManager;
-
-#[contract_impl]
-impl SacManager {
-    /// Constructs the SAC manager contract.
-    ///
-    /// # Arguments
-    /// * `sac_token` - The underlying Stellar Asset Contract address
-    /// * `owner` - The initial owner address (for upgrades, owner ops, redistribution target)
-    /// * `redistribution_enabled` - Whether redistribution is enabled globally
-    /// * `supply_control_enabled` - Whether supply control is enabled globally
-    ///
-    /// Note: The OFT address must be set separately via `set_oft_address` after construction,
-    /// because the OFT and sac-manager have a circular dependency on each other's addresses.
-    pub fn __constructor(
-        env: &Env,
-        sac_token: &Address,
-        owner: &Address,
-        redistribution_enabled: bool,
-        supply_control_enabled: bool,
-    ) {
-        // Initialize admin for upgrade/TTL authorization and admin operations
-        Self::init_owner(env, owner);
-
-        // Store SAC token
-        SacManagerStorage::set_sac_token(env, sac_token);
-
-        // Set feature flags
-        if redistribution_enabled {
-            Self::__enable_redistribution(env);
-        }
-        if supply_control_enabled {
-            Self::__enable_supply_control(env);
-        }
-    }
-}
-
-// =========================================================================
-// MintBurnable Implementation (OFT interface)
-// =========================================================================
-
-#[contract_impl]
-impl MintBurnable for SacManager {
-    fn mint(env: &Env, to: &Address, amount: i128) {
-        let oft = Self::oft_address(env);
-        Self::authorized_mint(env, &oft, to, amount);
-    }
-
-    fn burn(env: &Env, from: &Address, amount: i128) {
-        from.require_auth();
-
-        let oft = Self::oft_address(env);
-        oft.require_auth();
-        Self::__enforce_burn(env, &oft, from, amount, |_| {});
-
-        sac_client::<Self>(env).burn(from, &amount);
-    }
-}
-
-// =========================================================================
-// ISacManager Implementation (Owner operations)
-// =========================================================================
-
-#[contract_impl(contracttrait)]
-impl ISacManager for SacManager {
-    // =========================================================================
-    // Supply Control Operations
-    // =========================================================================
-
-    fn authorized_mint(env: &Env, sender: &Address, to: &Address, amount: i128) {
-        sender.require_auth();
-
-        // Validate the mint operation by supply control extension if needed.
-        Self::__enforce_mint(env, sender, to, amount, |sender| {
-            assert_with_error!(
-                env,
-                Some(sender) == Self::owner(env).as_ref() || sender == &Self::oft_address(env),
-                SacManagerError::Unauthorized
-            )
-        });
-
-        // Resolve the actual receiver address by redistribution extension if needed.
-        let actual_to = Self::__redistribute_funds(env, to, amount);
-
-        // Mint the tokens to the actual receiver address.
-        sac_client::<Self>(env).mint(&actual_to, &amount);
-    }
-
-    fn clawback(env: &Env, sender: &Address, from: &Address, amount: i128) {
-        sender.require_auth();
-        Self::__enforce_burn(env, sender, from, amount, |sender| {
-            assert_with_error!(env, Some(sender) == Self::owner(env).as_ref(), SacManagerError::Unauthorized)
-        });
-
-        sac_client::<Self>(env).clawback(from, &amount);
-    }
-
-    // =========================================================================
-    // SAC Admin Operations
-    // =========================================================================
-
-    #[only_auth]
-    fn release_sac_admin(env: &Env, to: &Address) {
-        sac_client::<Self>(env).set_admin(to);
-    }
-
-    #[only_auth]
-    fn set_authorized(env: &Env, id: &Address, authorize: bool) {
-        sac_client::<Self>(env).set_authorized(id, &authorize);
-    }
-
-    #[only_auth]
-    fn set_oft_address(env: &Env, new_oft: &Address) {
-        assert_with_error!(
-            env,
-            Some(new_oft) != SacManagerStorage::oft_address(env).as_ref(),
-            SacManagerError::SameValue
-        );
-        SacManagerStorage::set_oft_address(env, new_oft);
-    }
-
-    // =========================================================================
-    // View Functions
-    // =========================================================================
-
-    fn underlying_sac(env: &Env) -> Address {
-        SacManagerStorage::sac_token(env).unwrap()
-    }
-
-    fn oft_address(env: &Env) -> Address {
-        SacManagerStorage::oft_address(env).unwrap_or_panic(env, SacManagerError::OftAddressNotSet)
-    }
-}
-
-// =========================================================================
-// Extension Implementations
-// =========================================================================
-
-/// Supply control trait implementation
-#[contract_impl(contracttrait)]
-impl SupplyControl for SacManager {}
-impl SupplyControlInternal for SacManager {}
-
-/// Redistribution trait implementation
-#[contract_impl(contracttrait)]
-impl Redistribution for SacManager {}
-impl RedistributionInternal for SacManager {}
-
-// =========================================================================
-// Helper Functions
-// =========================================================================
-
-pub(crate) fn sac_client<T: ISacManager>(env: &Env) -> StellarAssetClient<'_> {
-    StellarAssetClient::new(env, &T::underlying_sac(env))
-}

package/contracts/sac-manager/src/storage.rs

@@ -1,20 +0,0 @@
-//! Storage definitions for the SAC manager contract.
-//!
-//! Each feature module owns its own storage to maintain modularity.
-//! This file contains the core storage and feature enable flags.
-
-use common_macros::storage;
-use soroban_sdk::Address;
-
-/// Core storage for the SacManager contract.
-/// Contains essential state and feature enable flags.
-#[storage]
-pub enum SacManagerStorage {
-    /// The underlying SAC (Stellar Asset Contract) address
-    #[instance(Address)]
-    SacToken,
-
-    /// The OFT contract address (authorized to call mint/burn)
-    #[instance(Address)]
-    OftAddress,
-}

package/contracts/sac-manager/src/tests/redistribution/mod.rs

@@ -1 +0,0 @@
-mod redistribute_funds;

package/contracts/sac-manager/src/tests/redistribution/redistribute_funds.rs

@@ -1,82 +0,0 @@
-//! Redistribution Extension Integration Tests
-//!
-//! Tests for the redistribution feature including:
-//! - redistribute_funds auth requirements
-//! - redistribute_funds error cases (NotBlacklisted)
-
-use crate::extensions::redistribution::RedistributionError;
-use crate::tests::test_helper::{mock_auth, TestSetup};
-use crate::extensions::redistribution::{RedistributeFunds, RedistributionClient};
-use soroban_sdk::{testutils::IssuerFlags, Address};
-use utils::testing_utils::assert_contains_event;
-
-fn mock_redistribute_funds_auth(setup: &TestSetup, from: &Address, amount: i128) {
-    mock_auth(&setup.env, &setup.sac_manager, &setup.owner, "redistribute_blacklisted_funds", (from, amount));
-}
-
-// =========================================================================
-// redistribute_funds Happy Path
-// =========================================================================
-
-#[test]
-fn test_redistribute_funds_success() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_redistribution_enabled().build();
-    let blacklisted_user = setup.generate_address();
-    let redistribution_client = RedistributionClient::new(&setup.env, &setup.sac_manager);
-
-    // Enable issuer flags required by set_authorized + clawback in SAC tests.
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    // Prepare user funds, then blacklist the user.
-    mock_auth(&setup.env, &setup.sac_manager, &setup.oft, "mint", (&blacklisted_user, 1_000_i128));
-    setup.sac_manager_client.mint(&blacklisted_user, &1_000);
-    mock_auth(&setup.env, &setup.sac_manager, &setup.owner, "set_authorized", (&blacklisted_user, false));
-    setup.sac_manager_client.set_authorized(&blacklisted_user, &false);
-
-    let owner_balance_before = setup.sac_client.balance(&setup.owner);
-    let user_balance_before = setup.sac_client.balance(&blacklisted_user);
-    assert_eq!(user_balance_before, 1_000);
-    assert!(!setup.sac_client.authorized(&blacklisted_user));
-
-    mock_redistribute_funds_auth(&setup, &blacklisted_user, 400_i128);
-    redistribution_client.redistribute_blacklisted_funds(&blacklisted_user, &400);
-
-    let expected = RedistributeFunds { user: blacklisted_user.clone(), amount: 400 };
-    assert_contains_event(&setup.env, &setup.sac_manager, expected);
-
-    // Verify clawback from user + mint to owner.
-    assert_eq!(setup.sac_client.balance(&blacklisted_user), user_balance_before - 400);
-    assert_eq!(setup.sac_client.balance(&setup.owner), owner_balance_before + 400);
-}
-
-// =========================================================================
-// redistribute_funds Error Cases
-// =========================================================================
-
-#[test]
-fn test_redistribute_funds_fails_if_not_blacklisted() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_redistribution_enabled().build();
-    let user = setup.generate_address();
-    let redistribution_client = RedistributionClient::new(&setup.env, &setup.sac_manager);
-
-    // User is authorized by default (not blacklisted) — should fail
-    mock_redistribute_funds_auth(&setup, &user, 100_i128);
-    let result = redistribution_client.try_redistribute_blacklisted_funds(&user, &100);
-    assert_eq!(result.err().unwrap().unwrap(), RedistributionError::NotBlacklisted.into());
-}
-
-// =========================================================================
-// redistribute_funds Auth Tests
-// =========================================================================
-
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn test_redistribute_funds_fails_without_owner_auth() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_redistribution_enabled().build();
-    let user = setup.generate_address();
-    let redistribution_client = RedistributionClient::new(&setup.env, &setup.sac_manager);
-
-    // No auth mocked — owner auth fails
-    redistribution_client.redistribute_blacklisted_funds(&user, &100);
-}