@layerzerolabs/protocol-stellar-v2 0.2.33 → 0.2.34

package/contracts/sac-manager/src/tests/sac_manager/admin_mint.rs

@@ -1,206 +0,0 @@
-//! authorized_mint Integration Tests
-//!
-//! Core mint logic (supply control, redistribution, events) is tested via
-//! MintBurnable tests in `mint.rs`. These tests focus on authorized_mint-specific
-//! behavior: auth, owner fallback, and supply controllers calling directly.
-
-use super::test_helper::{mock_authorized_mint_auth, mock_set_authorized_auth, mock_set_supply_controller_auth};
-use crate::errors::SacManagerError;
-use crate::extensions::redistribution::RedistributeFunds;
-use crate::extensions::supply_control::SupplyIncreased;
-use crate::extensions::supply_control::{LimitConfig, SupplyControlError, SupplyControllerConfig};
-use crate::tests::test_helper::TestSetup;
-use soroban_sdk::{testutils::IssuerFlags, Vec};
-use utils::testing_utils::{assert_contains_event, assert_contains_events};
-
-// =========================================================================
-// authorized_mint Tests (without Supply Control — owner only)
-// =========================================================================
-
-#[test]
-fn test_authorized_mint_by_owner() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let recipient = setup.generate_address();
-
-    mock_authorized_mint_auth(&setup, &setup.owner, &recipient, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&setup.owner, &recipient, &1000);
-    assert_eq!(setup.sac_client.balance(&recipient), 1000);
-}
-
-#[test]
-fn test_authorized_mint_redistributes_when_recipient_blacklisted() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_redistribution_enabled().build();
-    let blacklisted_recipient = setup.generate_address();
-
-    // Enable issuer flags required for blacklist and clawback behavior in SAC tests.
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    mock_set_authorized_auth(&setup, &blacklisted_recipient, false);
-    setup.sac_manager_client.set_authorized(&blacklisted_recipient, &false);
-    assert!(!setup.sac_client.authorized(&blacklisted_recipient));
-
-    let owner_balance_before = setup.sac_client.balance(&setup.owner);
-    let blacklisted_balance_before = setup.sac_client.balance(&blacklisted_recipient);
-
-    // authorized_mint resolves recipient to owner when target is blacklisted (redistribution path).
-    mock_authorized_mint_auth(&setup, &setup.owner, &blacklisted_recipient, 700_i128);
-    setup.sac_manager_client.authorized_mint(&setup.owner, &blacklisted_recipient, &700);
-
-    // No SupplyIncreased when supply control is off; only RedistributeFunds is emitted.
-    let expected = RedistributeFunds { user: blacklisted_recipient.clone(), amount: 700 };
-    assert_contains_event(&setup.env, &setup.sac_manager, expected);
-
-    assert_eq!(setup.sac_client.balance(&blacklisted_recipient), blacklisted_balance_before);
-    assert_eq!(setup.sac_client.balance(&setup.owner), owner_balance_before + 700);
-}
-
-#[test]
-fn test_authorized_mint_by_non_owner_fails_without_supply_control() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let recipient = setup.generate_address();
-    let random = setup.generate_address();
-
-    // Supply control is off — only owner can call
-    mock_authorized_mint_auth(&setup, &random, &recipient, 1000_i128);
-    let result = setup.sac_manager_client.try_authorized_mint(&random, &recipient, &1000);
-    assert_eq!(result.err().unwrap().unwrap(), SacManagerError::Unauthorized.into());
-}
-
-// =========================================================================
-// authorized_mint Tests (with Supply Control)
-// =========================================================================
-
-#[test]
-fn test_authorized_mint_by_supply_controller() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let recipient = setup.generate_address();
-    let controller = setup.generate_address();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config.clone()));
-
-    mock_authorized_mint_auth(&setup, &controller, &recipient, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&controller, &recipient, &1000);
-    assert_eq!(setup.sac_client.balance(&recipient), 1000);
-}
-
-#[test]
-fn test_authorized_mint_by_owner_fails_with_supply_control_without_config() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let recipient = setup.generate_address();
-
-    // Owner is not auto-authorized when supply control is enabled and has no controller config.
-    mock_authorized_mint_auth(&setup, &setup.owner, &recipient, 1000_i128);
-    let result = setup.sac_manager_client.try_authorized_mint(&setup.owner, &recipient, &1000);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::NotFound.into());
-}
-
-#[test]
-fn test_authorized_mint_redistributes_with_supply_control_enabled() {
-    let setup = TestSetup::new()
-        .with_manager_as_sac_admin()
-        .with_supply_control_enabled()
-        .with_redistribution_enabled()
-        .build();
-    let controller = setup.generate_address();
-    let blacklisted_recipient = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    // Force redistribution path by blacklisting recipient.
-    mock_set_authorized_auth(&setup, &blacklisted_recipient, false);
-    setup.sac_manager_client.set_authorized(&blacklisted_recipient, &false);
-    assert!(!setup.sac_client.authorized(&blacklisted_recipient));
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    let owner_balance_before = setup.sac_client.balance(&setup.owner);
-    let blacklisted_balance_before = setup.sac_client.balance(&blacklisted_recipient);
-
-    mock_authorized_mint_auth(&setup, &controller, &blacklisted_recipient, 700_i128);
-    setup.sac_manager_client.authorized_mint(&controller, &blacklisted_recipient, &700);
-
-    let expected = SupplyIncreased { controller: controller.clone(), to: blacklisted_recipient.clone(), amount: 700 };
-    let expected2 = RedistributeFunds { user: blacklisted_recipient.clone(), amount: 700 };
-    assert_contains_events(&setup.env, &setup.sac_manager, &[&expected, &expected2]);
-
-    assert_eq!(setup.sac_client.balance(&blacklisted_recipient), blacklisted_balance_before);
-    assert_eq!(setup.sac_client.balance(&setup.owner), owner_balance_before + 700);
-}
-
-#[test]
-fn test_authorized_mint_succeeds_when_amount_equals_rate_limit() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let recipient = setup.generate_address();
-    let controller = setup.generate_address();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 1_000, refill_per_second: 1 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    mock_authorized_mint_auth(&setup, &controller, &recipient, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&controller, &recipient, &1000);
-    assert_eq!(setup.sac_client.balance(&recipient), 1000);
-}
-
-#[test]
-fn test_authorized_mint_fails_when_amount_exceeds_rate_limit() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let recipient = setup.generate_address();
-    let controller = setup.generate_address();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 1_000, refill_per_second: 1 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    mock_authorized_mint_auth(&setup, &controller, &recipient, 1001_i128);
-    let result = setup.sac_manager_client.try_authorized_mint(&controller, &recipient, &1001);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::RateLimitExceeded.into());
-}
-
-#[test]
-fn test_authorized_mint_fails_without_supply_controller_config() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let recipient = setup.generate_address();
-    let random = setup.generate_address();
-
-    // Supply control enabled but sender is NOT a supply controller
-    mock_authorized_mint_auth(&setup, &random, &recipient, 1000_i128);
-    let result = setup.sac_manager_client.try_authorized_mint(&random, &recipient, &1000);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::NotFound.into());
-}
-
-// =========================================================================
-// authorized_mint Auth Tests
-// =========================================================================
-
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn test_authorized_mint_without_auth() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let recipient = setup.generate_address();
-
-    // No auth mocked — sender.require_auth() fails
-    setup.sac_manager_client.authorized_mint(&setup.owner, &recipient, &1000);
-}

package/contracts/sac-manager/src/tests/sac_manager/burn.rs

@@ -1,215 +0,0 @@
-//! Burn (MintBurnable) Integration Tests
-//!
-//! Burn tests use explicit mock_auth setup so nested auth for `sac.burn`
-//! (`from.require_auth()`) is asserted deterministically.
-
-use super::test_helper::{mock_sac_owner_mint_auth, mock_set_mint_whitelist_auth, mock_set_supply_controller_auth};
-use crate::errors::SacManagerError;
-use crate::extensions::supply_control::{LimitConfig, SupplyControlClient, SupplyControlError, SupplyControllerConfig};
-use crate::tests::sac_manager::test_helper::mock_burn_auth;
-use crate::tests::test_helper::{mock_auth, mock_oft_mint_auth, TestSetup};
-use crate::extensions::supply_control::SupplyDecreased;
-use soroban_sdk::Vec;
-use utils::testing_utils::assert_contains_event;
-
-// =========================================================================
-// Burn Tests (with Supply Control)
-// =========================================================================
-
-#[test]
-fn test_burn_by_oft_with_supply_control() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &setup.oft, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &setup.oft, &Some(config.clone()));
-
-    // Mint tokens to OFT
-    mock_oft_mint_auth(&setup, &setup.oft, 1000_i128);
-    setup.sac_manager_client.mint(&setup.oft, &1000);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 1000);
-
-    // OFT burns its own tokens
-    mock_burn_auth(&setup, &setup.oft, 500_i128);
-    setup.sac_manager_client.burn(&setup.oft, &500);
-    let expected = SupplyDecreased { controller: setup.oft.clone(), from: setup.oft.clone(), amount: 500 };
-    assert_contains_event(&setup.env, &setup.sac_manager, expected);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 500);
-}
-
-#[test]
-fn test_burn_from_user_by_oft() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &setup.oft, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &setup.oft, &Some(config.clone()));
-
-    // Mint tokens to user
-    mock_oft_mint_auth(&setup, &user, 1000_i128);
-    setup.sac_manager_client.mint(&user, &1000);
-    assert_eq!(setup.sac_client.balance(&user), 1000);
-
-    // OFT burns tokens from user (user authorizes at SAC level)
-    mock_burn_auth(&setup, &user, 500_i128);
-    setup.sac_manager_client.burn(&user, &500);
-    let expected = SupplyDecreased { controller: setup.oft.clone(), from: user.clone(), amount: 500 };
-    assert_contains_event(&setup.env, &setup.sac_manager, expected);
-    assert_eq!(setup.sac_client.balance(&user), 500);
-}
-
-#[test]
-fn test_burn_from_self_fails_when_allow_any_mint_burn_is_false() {
-    let setup = TestSetup::new().with_supply_control_enabled().build();
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: false,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &setup.oft, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &setup.oft, &Some(config.clone()));
-
-    // Mint to OFT directly via SAC owner
-    mock_sac_owner_mint_auth(&setup, &setup.oft, 1000_i128);
-    setup.sac_client.mint(&setup.oft, &1000);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 1000);
-
-    // Burn-from-self should fail when allow_any_mint_burn is false
-    mock_burn_auth(&setup, &setup.oft, 500_i128);
-    let result = setup.sac_manager_client.try_burn(&setup.oft, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::CannotBurnFromAddress.into());
-}
-
-// =========================================================================
-// Burn Error Cases (Supply Control)
-// =========================================================================
-
-#[test]
-fn test_burn_fails_when_oft_not_supply_controller() {
-    let setup = TestSetup::new().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-
-    // Mint tokens to user directly via SAC (bypassing supply control).
-    // Here SAC admin is still owner (not sac_manager), so owner can mint.
-    mock_sac_owner_mint_auth(&setup, &user, 1000_i128);
-    setup.sac_client.mint(&user, &1000);
-
-    // OFT is NOT added as supply controller — burn should fail
-    mock_burn_auth(&setup, &user, 500_i128);
-    let result = setup.sac_manager_client.try_burn(&user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::NotFound.into());
-}
-
-#[test]
-fn test_burn_fails_when_controller_cannot_burn_from_address() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-
-    // OFT as controller WITHOUT allow_any_mint_burn
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: false,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &setup.oft, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &setup.oft, &Some(config.clone()));
-
-    // Whitelist user for OFT controller to allow minting (allow_any=false)
-    let sc_client = SupplyControlClient::new(&setup.env, &setup.sac_manager);
-    mock_set_mint_whitelist_auth(&setup, &setup.sc_manager, &setup.oft, &user, true);
-    sc_client.set_mint_whitelist(&setup.sc_manager, &setup.oft, &user, &true);
-
-    // Mint tokens to user
-    mock_oft_mint_auth(&setup, &user, 1000_i128);
-    setup.sac_manager_client.mint(&user, &1000);
-
-    // OFT tries to burn from user without allow_any_mint_burn - should fail
-    mock_burn_auth(&setup, &user, 500_i128);
-    let result = setup.sac_manager_client.try_burn(&user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::CannotBurnFromAddress.into());
-}
-
-// =========================================================================
-// Burn Tests (without Supply Control) — OFT calls burn
-// =========================================================================
-
-#[test]
-fn test_burn_by_oft_without_supply_control() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-
-    // Supply control is disabled by default
-    assert!(!setup.sac_manager_client.supply_control_enabled());
-
-    // Mint tokens to OFT first
-    mock_oft_mint_auth(&setup, &setup.oft, 1000_i128);
-    setup.sac_manager_client.mint(&setup.oft, &1000);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 1000);
-
-    // OFT can burn when supply control is disabled
-    mock_burn_auth(&setup, &setup.oft, 500_i128);
-    setup.sac_manager_client.burn(&setup.oft, &500);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 500);
-}
-
-#[test]
-fn test_burn_fails_when_amount_exceeds_balance() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-
-    mock_oft_mint_auth(&setup, &setup.oft, 100_i128);
-    setup.sac_manager_client.mint(&setup.oft, &100);
-    assert_eq!(setup.sac_client.balance(&setup.oft), 100);
-
-    mock_burn_auth(&setup, &setup.oft, 200_i128);
-    let result = setup.sac_manager_client.try_burn(&setup.oft, &200);
-    assert!(result.is_err());
-}
-
-#[test]
-fn test_burn_fails_when_oft_not_set() {
-    let setup = TestSetup::new().without_oft().build();
-    let user = setup.generate_address();
-
-    // Mock from auth so we pass from.require_auth() and reach the OFT address check
-    mock_auth(&setup.env, &setup.sac_manager, &user, "burn", (&user, 500_i128));
-    let result = setup.sac_manager_client.try_burn(&user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SacManagerError::OftAddressNotSet.into());
-}
-
-// =========================================================================
-// Burn Auth Tests
-// =========================================================================
-
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn test_burn_fails_without_oft_auth() {
-    // No mock_burn_auth — the OFT address won't be authorized
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-
-    setup.sac_manager_client.burn(&user, &500);
-}
-
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn test_burn_fails_without_from_auth_even_if_oft_auth_present() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-
-    mock_oft_mint_auth(&setup, &user, 1000_i128);
-    setup.sac_manager_client.mint(&user, &1000);
-    assert_eq!(setup.sac_client.balance(&user), 1000);
-
-    // Only root OFT auth is mocked; nested SAC burn auth for `from` is intentionally missing.
-    mock_auth(&setup.env, &setup.sac_manager, &setup.oft, "burn", (&user, 500_i128));
-    setup.sac_manager_client.burn(&user, &500);
-}

package/contracts/sac-manager/src/tests/sac_manager/clawback.rs

@@ -1,209 +0,0 @@
-//! Clawback Integration Tests
-//!
-//! Tests for admin-initiated clawback functionality via `clawback`.
-//! The clawback operation uses SAC clawback, which requires AUTH_CLAWBACK_ENABLED
-//! flag on the SAC issuer.
-//!
-//! Core burn logic (supply control validation) is shared with MintBurnable::burn
-//! in `burn.rs`. These tests focus on clawback-specific behavior: auth, owner
-//! fallback, clawback mechanics, and supply controllers calling directly.
-
-use super::test_helper::{mock_authorized_mint_auth, mock_clawback_auth, mock_set_supply_controller_auth};
-use crate::errors::SacManagerError;
-use crate::extensions::supply_control::{LimitConfig, SupplyControlError, SupplyControllerConfig, SupplyDecreased};
-use crate::tests::test_helper::TestSetup;
-use soroban_sdk::{testutils::IssuerFlags, Vec};
-use utils::testing_utils::assert_contains_event;
-
-// =========================================================================
-// clawback Tests (without Supply Control — owner only)
-// =========================================================================
-
-#[test]
-fn test_clawback_by_owner() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    // Mint tokens to user first
-    mock_authorized_mint_auth(&setup, &setup.owner, &user, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&setup.owner, &user, &1000);
-    assert_eq!(setup.sac_client.balance(&user), 1000);
-
-    // Owner clawbacks tokens from user (no SupplyDecreased event when supply control is off)
-    mock_clawback_auth(&setup, &setup.owner, &user, 500_i128);
-    setup.sac_manager_client.clawback(&setup.owner, &user, &500);
-    assert_eq!(setup.sac_client.balance(&user), 500);
-}
-
-#[test]
-fn test_clawback_full_balance() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    mock_authorized_mint_auth(&setup, &setup.owner, &user, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&setup.owner, &user, &1000);
-
-    // Clawback full balance (boundary case: amount == balance)
-    mock_clawback_auth(&setup, &setup.owner, &user, 1000_i128);
-    setup.sac_manager_client.clawback(&setup.owner, &user, &1000);
-    assert_eq!(setup.sac_client.balance(&user), 0);
-}
-
-#[test]
-fn test_clawback_fails_when_amount_exceeds_balance() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    mock_authorized_mint_auth(&setup, &setup.owner, &user, 100_i128);
-    setup.sac_manager_client.authorized_mint(&setup.owner, &user, &100);
-
-    mock_clawback_auth(&setup, &setup.owner, &user, 200_i128);
-    let result = setup.sac_manager_client.try_clawback(&setup.owner, &user, &200);
-    assert!(result.is_err());
-}
-
-#[test]
-fn test_clawback_by_non_owner_fails_without_supply_control() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().build();
-    let user = setup.generate_address();
-    let random = setup.generate_address();
-
-    // Supply control is off — only owner can call
-    mock_clawback_auth(&setup, &random, &user, 500_i128);
-    let result = setup.sac_manager_client.try_clawback(&random, &user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SacManagerError::Unauthorized.into());
-}
-
-// =========================================================================
-// clawback Tests (with Supply Control)
-// =========================================================================
-
-#[test]
-fn test_clawback_by_supply_controller() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-    let controller = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    // Mint tokens to user via controller
-    mock_authorized_mint_auth(&setup, &controller, &user, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&controller, &user, &1000);
-    assert_eq!(setup.sac_client.balance(&user), 1000);
-
-    // Controller clawbacks from user
-    mock_clawback_auth(&setup, &controller, &user, 500_i128);
-    setup.sac_manager_client.clawback(&controller, &user, &500);
-
-    let expected = SupplyDecreased { controller: controller.clone(), from: user.clone(), amount: 500 };
-    assert_contains_event(&setup.env, &setup.sac_manager, expected);
-
-    assert_eq!(setup.sac_client.balance(&user), 500);
-}
-
-#[test]
-fn test_clawback_by_owner_fails_with_supply_control_without_config() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    // Owner is not auto-authorized when supply control is enabled and has no controller config.
-    mock_clawback_auth(&setup, &setup.owner, &user, 500_i128);
-    let result = setup.sac_manager_client.try_clawback(&setup.owner, &user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::NotFound.into());
-}
-
-#[test]
-fn test_clawback_fails_without_supply_controller_config() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-    let random = setup.generate_address();
-
-    // Supply control enabled but sender is NOT a supply controller
-    mock_clawback_auth(&setup, &random, &user, 500_i128);
-    let result = setup.sac_manager_client.try_clawback(&random, &user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::NotFound.into());
-}
-
-#[test]
-fn test_clawback_fails_when_controller_cannot_burn_from_address() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let user = setup.generate_address();
-    let controller = setup.generate_address();
-
-    // Controller WITHOUT allow_any_mint_burn
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: false,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    // Controller tries to burn from user without allow_any_mint_burn — should fail
-    mock_clawback_auth(&setup, &controller, &user, 500_i128);
-    let result = setup.sac_manager_client.try_clawback(&controller, &user, &500);
-    assert_eq!(result.err().unwrap().unwrap(), SupplyControlError::CannotBurnFromAddress.into());
-}
-
-#[test]
-fn test_clawback_by_controller_from_self() {
-    let setup = TestSetup::new().with_manager_as_sac_admin().with_supply_control_enabled().build();
-    let controller = setup.generate_address();
-
-    setup.sac_contract.issuer().set_flag(IssuerFlags::RevocableFlag);
-    setup.sac_contract.issuer().set_flag(IssuerFlags::ClawbackEnabledFlag);
-
-    // Controller WITH allow_any_mint_burn — required for any burn including from self
-    let config = SupplyControllerConfig {
-        limit_config: LimitConfig { limit_capacity: 10_000, refill_per_second: 0 },
-        allow_any_mint_burn: true,
-        whitelist_addresses: Vec::new(&setup.env),
-    };
-    mock_set_supply_controller_auth(&setup, &setup.sc_manager, &controller, &Some(config.clone()));
-    setup.sac_manager_client.set_supply_controller(&setup.sc_manager, &controller, &Some(config));
-
-    // Mint tokens to controller itself
-    mock_authorized_mint_auth(&setup, &controller, &controller, 1000_i128);
-    setup.sac_manager_client.authorized_mint(&controller, &controller, &1000);
-    assert_eq!(setup.sac_client.balance(&controller), 1000);
-
-    // Controller clawbacks from self — requires allow_any_mint_burn
-    mock_clawback_auth(&setup, &controller, &controller, 500_i128);
-    setup.sac_manager_client.clawback(&controller, &controller, &500);
-    assert_eq!(setup.sac_client.balance(&controller), 500);
-}
-
-// =========================================================================
-// clawback Auth Tests
-// =========================================================================
-
-#[test]
-#[should_panic(expected = "Error(Auth, InvalidAction)")]
-fn test_clawback_fails_without_auth() {
-    let setup = TestSetup::new().build();
-    let user = setup.generate_address();
-
-    // Should panic because sender doesn't authorize the call
-    setup.sac_manager_client.clawback(&setup.owner, &user, &300);
-}