@layerzerolabs/protocol-stellar-v2 0.2.39 → 0.2.41

package/contracts/oapps/oft/integration-tests/utils.rs

@@ -1,6 +1,8 @@
 //! Utility functions for OFT-STD integration tests.
 
-use crate::extensions::rate_limiter::{Direction, Mode, RateLimitConfig};
+use crate::extensions::rate_limiter::{Direction, Mode, RateLimitConfig, RATE_LIMITER_ADMIN_ROLE};
+use crate::extensions::oft_fee::FEE_ADMIN_ROLE;
+use crate::extensions::pausable::{PAUSER_ROLE, UNPAUSER_ROLE};
 use crate::integration_tests::setup::{decode_packet, ChainSetup};
 use crate::MintableClient;
 use endpoint_v2::{MessagingFee, Origin, OutboundPacket};
@@ -13,7 +15,6 @@ use soroban_sdk::{
     xdr::ToXdr,
     Address, Bytes, BytesN, Env, IntoVal, Map, Symbol, Val, Vec,
 };
-
 // ============================================================================
 // Address Conversion Utilities
 // ============================================================================
@@ -356,16 +357,44 @@ pub fn token_balance(env: &Env, token: &Address, account: &Address) -> i128 {
 // ============================================================================
 
 pub fn set_paused(env: &Env, chain: &ChainSetup<'_>, paused: bool) {
+    // `pause` / `unpause` are protected by RBAC (`PAUSER_ROLE` / `UNPAUSER_ROLE`). Grant them to owner for tests.
+    let pauser = Symbol::new(env, PAUSER_ROLE);
+    let unpauser = Symbol::new(env, UNPAUSER_ROLE);
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
             contract: &chain.oft.address,
-            fn_name: "set_paused",
-            args: (&paused,).into_val(env),
+            fn_name: "grant_role",
+            args: (&chain.owner, &pauser, &chain.owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    chain.oft.set_paused(&paused);
+    chain.oft.grant_role(&chain.owner, &pauser, &chain.owner);
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: "grant_role",
+            args: (&chain.owner, &unpauser, &chain.owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    chain.oft.grant_role(&chain.owner, &unpauser, &chain.owner);
+
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: if paused { "pause" } else { "unpause" },
+            args: (&chain.owner,).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    if paused {
+        chain.oft.pause(&chain.owner);
+    } else {
+        chain.oft.unpause(&chain.owner);
+    }
 }
 
 pub fn is_paused(chain: &ChainSetup<'_>) -> bool {
@@ -377,45 +406,84 @@ pub fn is_paused(chain: &ChainSetup<'_>) -> bool {
 // ============================================================================
 
 pub fn set_fee_deposit_address(env: &Env, chain: &ChainSetup<'_>, deposit_address: &Address) {
+    // `set_fee_deposit_address` is protected by RBAC (`FEE_ADMIN_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, FEE_ADMIN_ROLE);
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: "grant_role",
+            args: (&chain.owner, &role, &chain.owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    chain.oft.grant_role(&chain.owner, &role, &chain.owner);
+
     let deposit_address_opt = Some(deposit_address.clone());
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
             contract: &chain.oft.address,
             fn_name: "set_fee_deposit_address",
-            args: (&deposit_address_opt,).into_val(env),
+            args: (&deposit_address_opt, &chain.owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    chain.oft.set_fee_deposit_address(&deposit_address_opt);
+    chain.oft.set_fee_deposit_address(&deposit_address_opt, &chain.owner);
 }
 
 pub fn set_default_fee_bps(env: &Env, chain: &ChainSetup<'_>, fee_bps: u32) {
+    // `set_default_fee_bps` is protected by RBAC (`FEE_ADMIN_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, FEE_ADMIN_ROLE);
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: "grant_role",
+            args: (&chain.owner, &role, &chain.owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    chain.oft.grant_role(&chain.owner, &role, &chain.owner);
+
     let fee_bps_opt = Some(fee_bps);
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
             contract: &chain.oft.address,
             fn_name: "set_default_fee_bps",
-            args: (&fee_bps_opt,).into_val(env),
+            args: (&fee_bps_opt, &chain.owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    chain.oft.set_default_fee_bps(&fee_bps_opt);
+    chain.oft.set_default_fee_bps(&fee_bps_opt, &chain.owner);
 }
 
 pub fn set_fee_bps(env: &Env, chain: &ChainSetup<'_>, dst_eid: u32, fee_bps: u32) {
+    // `set_fee_bps` is protected by RBAC (`FEE_ADMIN_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, FEE_ADMIN_ROLE);
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: "grant_role",
+            args: (&chain.owner, &role, &chain.owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    chain.oft.grant_role(&chain.owner, &role, &chain.owner);
+
     let fee_bps_opt = Some(fee_bps);
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
             contract: &chain.oft.address,
             fn_name: "set_fee_bps",
-            args: (&dst_eid, &fee_bps_opt).into_val(env),
+            args: (&dst_eid, &fee_bps_opt, &chain.owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    chain.oft.set_fee_bps(&dst_eid, &fee_bps_opt);
+    chain.oft.set_fee_bps(&dst_eid, &fee_bps_opt, &chain.owner);
 }
 
 // ============================================================================
@@ -442,17 +510,30 @@ pub fn set_rate_limit_with_mode(
     window_seconds: u64,
     mode: Mode,
 ) {
+    // `set_rate_limit` is protected by RBAC (`RATE_LIMITER_ADMIN_ROLE`). Grant it to owner for tests.
+    let role = Symbol::new(env, RATE_LIMITER_ADMIN_ROLE);
+    env.mock_auths(&[MockAuth {
+        address: &chain.owner,
+        invoke: &MockAuthInvoke {
+            contract: &chain.oft.address,
+            fn_name: "grant_role",
+            args: (&chain.owner, &role, &chain.owner).into_val(env),
+            sub_invokes: &[],
+        },
+    }]);
+    chain.oft.grant_role(&chain.owner, &role, &chain.owner);
+
     let config = Some(RateLimitConfig { limit, window_seconds, mode });
     env.mock_auths(&[MockAuth {
         address: &chain.owner,
         invoke: &MockAuthInvoke {
             contract: &chain.oft.address,
             fn_name: "set_rate_limit",
-            args: (direction, &dst_eid, &config).into_val(env),
+            args: (direction, &dst_eid, &config, &chain.owner).into_val(env),
             sub_invokes: &[],
         },
     }]);
-    chain.oft.set_rate_limit(direction, &dst_eid, &config);
+    chain.oft.set_rate_limit(direction, &dst_eid, &config, &chain.owner);
 }
 
 pub fn rate_limit_capacity(chain: &ChainSetup<'_>, direction: &Direction, eid: u32) -> i128 {

package/contracts/oapps/oft/src/extensions/oft_fee.rs

@@ -1,6 +1,9 @@
-use common_macros::{contract_error, contract_trait, only_auth, storage};
+use common_macros::{contract_error, contract_trait, only_role, storage};
 use soroban_sdk::{assert_with_error, contractevent, token::TokenClient, Address, Env};
-use utils::{auth::Auth, option_ext::OptionExt};
+use utils::{option_ext::OptionExt, rbac::RoleBasedAccessControl};
+
+/// Role for fee configuration (set_default_fee_bps, set_fee_bps, set_fee_deposit_address).
+pub const FEE_ADMIN_ROLE: &str = "FEE_ADMIN_ROLE";
 
 /// Base fee in basis points (10,000 BPS = 100%)
 /// Used as denominator in fee calculations
@@ -69,7 +72,7 @@ pub struct FeeDepositAddressSet {
 // =========================================================================
 
 #[contract_trait]
-pub trait OFTFee: OFTFeeInternal + Auth {
+pub trait OFTFee: OFTFeeInternal + RoleBasedAccessControl {
     // =========================================================================
     // Management Functions
     // =========================================================================
@@ -79,8 +82,9 @@ pub trait OFTFee: OFTFeeInternal + Auth {
     /// - `Some(n)`: sets the default fee to `n` basis points (must be >0 and <=10,000).
     /// - `Some(0)`: rejected — use `None` to remove the default fee instead.
     /// - `None`: removes the default fee (effective rate becomes 0).
-    #[only_auth]
-    fn set_default_fee_bps(env: &soroban_sdk::Env, default_fee_bps: &Option<u32>) {
+    /// * `operator` - The address that must have FEE_ADMIN_ROLE
+    #[only_role(operator, FEE_ADMIN_ROLE)]
+    fn set_default_fee_bps(env: &soroban_sdk::Env, default_fee_bps: &Option<u32>, operator: &soroban_sdk::Address) {
         Self::__set_default_fee_bps(env, default_fee_bps);
     }
 
@@ -92,14 +96,23 @@ pub trait OFTFee: OFTFeeInternal + Auth {
     /// # Arguments
     /// * `dst_eid` - The destination endpoint ID
     /// * `fee_bps` - The fee rate (0-10,000), or None to remove the fee configuration
-    #[only_auth]
-    fn set_fee_bps(env: &soroban_sdk::Env, dst_eid: u32, fee_bps: &Option<u32>) {
+    /// * `operator` - The address that must have FEE_ADMIN_ROLE
+    #[only_role(operator, FEE_ADMIN_ROLE)]
+    fn set_fee_bps(env: &soroban_sdk::Env, dst_eid: u32, fee_bps: &Option<u32>, operator: &soroban_sdk::Address) {
         Self::__set_fee_bps(env, dst_eid, fee_bps);
     }
 
     /// Sets or removes the address where collected fees will be deposited.
-    #[only_auth]
-    fn set_fee_deposit_address(env: &soroban_sdk::Env, fee_deposit_address: &Option<soroban_sdk::Address>) {
+    ///
+    /// # Arguments
+    /// * `fee_deposit_address` - The address to deposit fees to, or None to remove the fee deposit address
+    /// * `operator` - The address that must have FEE_ADMIN_ROLE
+    #[only_role(operator, FEE_ADMIN_ROLE)]
+    fn set_fee_deposit_address(
+        env: &soroban_sdk::Env,
+        fee_deposit_address: &Option<soroban_sdk::Address>,
+        operator: &soroban_sdk::Address,
+    ) {
         Self::__set_fee_deposit_address(env, fee_deposit_address);
     }
 
@@ -134,7 +147,7 @@ pub trait OFTFee: OFTFeeInternal + Auth {
 }
 
 /// Internal trait for OFT fee operations used by OFT hooks.
-/// Contains only truly internal methods that are called from OFTInternal implementations.
+/// Contains only truly internal methods that are called from OFTFee implementations.
 pub trait OFTFeeInternal {
     // =========================================================================
     // OFT Hooks

package/contracts/oapps/oft/src/extensions/pausable.rs

@@ -1,6 +1,12 @@
-use common_macros::{contract_error, contract_trait, only_auth, storage};
+use common_macros::{contract_error, contract_trait, only_role, storage};
 use soroban_sdk::{assert_with_error, contractevent, Env};
-use utils::auth::Auth;
+use utils::rbac::RoleBasedAccessControl;
+
+/// Role for pausing the contract.
+pub const PAUSER_ROLE: &str = "PAUSER_ROLE";
+
+/// Role for unpausing the contract.
+pub const UNPAUSER_ROLE: &str = "UNPAUSER_ROLE";
 
 // =========================================================================
 // Storage
@@ -37,18 +43,33 @@ pub struct PausedSet {
 // =========================================================================
 
 #[contract_trait]
-pub trait OFTPausable: OFTPausableInternal + Auth {
-    /// Sets the paused state of the OFT.
+pub trait OFTPausable: OFTPausableInternal + RoleBasedAccessControl {
+    // =========================================================================
+    // Management Functions
+    // =========================================================================
+
+    /// Pauses the OFT. When paused, the OFT will reject new send/receive/quote_send/quote_oft operations.
     ///
-    /// When paused, the OFT will reject new send/receive/quote_send/quote_oft operations.
+    /// # Arguments
+    /// * `operator` - The address that must have PAUSER_ROLE
+    #[only_role(operator, PAUSER_ROLE)]
+    fn pause(env: &soroban_sdk::Env, operator: &soroban_sdk::Address) {
+        Self::__set_paused(env, true);
+    }
+
+    /// Unpauses the OFT.
     ///
     /// # Arguments
-    /// * `paused` - `true` to pause, `false` to unpause
-    #[only_auth]
-    fn set_paused(env: &soroban_sdk::Env, paused: bool) {
-        Self::__set_paused(env, paused);
+    /// * `operator` - The address that must have UNPAUSER_ROLE
+    #[only_role(operator, UNPAUSER_ROLE)]
+    fn unpause(env: &soroban_sdk::Env, operator: &soroban_sdk::Address) {
+        Self::__set_paused(env, false);
     }
 
+    // =========================================================================
+    // View Functions
+    // =========================================================================
+
     /// Returns the paused state of the OFT.
     fn is_paused(env: &soroban_sdk::Env) -> bool {
         Self::__is_paused(env)
@@ -56,7 +77,7 @@ pub trait OFTPausable: OFTPausableInternal + Auth {
 }
 
 /// Internal trait for pausable operations used by OFT hooks.
-/// Contains only truly internal methods that are called from OFTInternal implementations.
+/// Contains only truly internal methods that are called from OFTPausable implementations.
 pub trait OFTPausableInternal {
     // =========================================================================
     // OFT Hooks

package/contracts/oapps/oft/src/extensions/rate_limiter.rs

@@ -1,7 +1,10 @@
 use crate as oft;
-use common_macros::{contract_error, contract_trait, only_auth, storage};
+use common_macros::{contract_error, contract_trait, only_role, storage};
 use soroban_sdk::{assert_with_error, contractevent, contracttype, Env};
-use utils::auth::Auth;
+use utils::rbac::RoleBasedAccessControl;
+
+/// Role for rate limiter configuration (set_rate_limit).
+pub const RATE_LIMITER_ADMIN_ROLE: &str = "RATE_LIMITER_ADMIN_ROLE";
 
 // =========================================================================
 // Types
@@ -94,7 +97,7 @@ pub struct RateLimitSet {
 // =========================================================================
 
 #[contract_trait]
-pub trait RateLimiter: RateLimiterInternal + Auth {
+pub trait RateLimiter: RateLimiterInternal + RoleBasedAccessControl {
     // =========================================================================
     // Management Functions
     // =========================================================================
@@ -105,12 +108,14 @@ pub trait RateLimiter: RateLimiterInternal + Auth {
     /// * `direction` - The direction (Inbound or Outbound)
     /// * `eid` - The endpoint ID
     /// * `config` - The rate limit configuration, or None to remove the rate limit
-    #[only_auth]
+    /// * `operator` - The address that must have RATE_LIMITER_ADMIN_ROLE
+    #[only_role(operator, RATE_LIMITER_ADMIN_ROLE)]
     fn set_rate_limit(
         env: &soroban_sdk::Env,
         direction: &oft::rate_limiter::Direction,
         eid: u32,
         config: &Option<oft::rate_limiter::RateLimitConfig>,
+        operator: &soroban_sdk::Address,
     ) {
         Self::__set_rate_limit(env, direction, eid, config);
     }

package/contracts/oapps/oft/src/oft.rs

@@ -42,11 +42,10 @@ impl OFT {
         token: &Address,
         shared_decimals: u32,
         oft_type: OftType,
-        owner: &Address,
         endpoint: &Address,
         delegate: &Address,
     ) {
-        Self::__initialize_oft(env, token, shared_decimals, owner, endpoint, delegate);
+        Self::__initialize_oft(env, token, shared_decimals, delegate, endpoint, delegate);
         OFTStorage::set_oft_type(env, &oft_type);
     }
 

package/contracts/oapps/oft/src/tests/extensions/oft_fee.rs

@@ -1,13 +1,15 @@
 extern crate std;
 
 use crate::extensions::oft_fee::{OFTFee, OFTFeeError, OFTFeeInternal};
+use crate::extensions::oft_fee::FEE_ADMIN_ROLE;
 use soroban_sdk::{
     contract, contractimpl,
     testutils::{Address as _, MockAuth, MockAuthInvoke},
     token::{StellarAssetClient, TokenClient},
-    Address, Env, IntoVal,
+    Address, Env, IntoVal, Symbol,
 };
 use utils::auth::Auth;
+use utils::rbac::{grant_role_no_auth, RoleBasedAccessControl};
 
 // ============================================================================
 // Test Contract
@@ -27,8 +29,17 @@ impl OFTFeeInternal for FeeTestContract {}
 #[contractimpl(contracttrait)]
 impl OFTFee for FeeTestContract {}
 
+#[contractimpl(contracttrait)]
+impl RoleBasedAccessControl for FeeTestContract {}
+
 #[contractimpl]
 impl FeeTestContract {
+    /// Test-only: grants FEE_ADMIN_ROLE to the contract.
+    pub fn init_roles(env: Env) {
+        let contract_id = env.current_contract_address();
+        grant_role_no_auth(&env, &contract_id, &Symbol::new(&env, FEE_ADMIN_ROLE), &contract_id);
+    }
+
     pub fn fee_view(env: Env, dst_eid: u32, amount_ld: i128) -> i128 {
         <Self as OFTFeeInternal>::__fee_view(&env, dst_eid, amount_ld)
     }
@@ -59,6 +70,7 @@ fn setup() -> TestSetup {
 
     let contract_id = env.register(FeeTestContract, ());
     let client = FeeTestContractClient::new(&env, &contract_id);
+    client.init_roles();
 
     let token_admin = Address::generate(&env);
     let sac = env.register_stellar_asset_contract_v2(token_admin.clone());
@@ -94,9 +106,9 @@ fn test_fee_deposit_address_returns_none_when_unset() {
 
 #[test]
 fn test_fee_view_nonzero_fee_errors_when_deposit_address_unset() {
-    let TestSetup { client, .. } = setup();
+    let TestSetup { client, contract_id, .. } = setup();
 
-    client.set_default_fee_bps(&Some(100u32));
+    client.set_default_fee_bps(&Some(100u32), &contract_id);
 
     let res = client.try_fee_view(&7u32, &1_000_000i128);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::InvalidFeeDepositAddress.into());
@@ -108,29 +120,29 @@ fn test_fee_view_nonzero_fee_errors_when_deposit_address_unset() {
 
 #[test]
 fn test_set_default_fee_bps_rejects_invalid_value() {
-    let TestSetup { client, .. } = setup();
+    let TestSetup { client, contract_id, .. } = setup();
 
     // Zero is not a valid default fee (use None to remove instead)
-    let res = client.try_set_default_fee_bps(&Some(0u32));
+    let res = client.try_set_default_fee_bps(&Some(0u32), &contract_id);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::InvalidFeeBps.into());
 
     // Exceeds maximum
-    let res = client.try_set_default_fee_bps(&Some(10_001u32));
+    let res = client.try_set_default_fee_bps(&Some(10_001u32), &contract_id);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::InvalidFeeBps.into());
 }
 
 #[test]
 fn test_set_default_fee_bps_rejects_same_value() {
-    let TestSetup { client, .. } = setup();
+    let TestSetup { client, contract_id, .. } = setup();
 
     // None when already None (not set)
     let none: Option<u32> = None;
-    let res = client.try_set_default_fee_bps(&none);
+    let res = client.try_set_default_fee_bps(&none, &contract_id);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::SameValue.into());
 
     // Same value when already set
-    client.set_default_fee_bps(&Some(123u32));
-    let res2 = client.try_set_default_fee_bps(&Some(123u32));
+    client.set_default_fee_bps(&Some(123u32), &contract_id);
+    let res2 = client.try_set_default_fee_bps(&Some(123u32), &contract_id);
     assert_eq!(res2.err().unwrap().ok().unwrap(), OFTFeeError::SameValue.into());
 }
 
@@ -140,27 +152,27 @@ fn test_set_default_fee_bps_rejects_same_value() {
 
 #[test]
 fn test_set_fee_bps_rejects_invalid_and_same_value() {
-    let TestSetup { client, .. } = setup();
+    let TestSetup { client, contract_id, .. } = setup();
     let dst_eid = 101u32;
 
-    let res = client.try_set_fee_bps(&dst_eid, &None);
+    let res = client.try_set_fee_bps(&dst_eid, &None, &contract_id);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::SameValue.into());
 
-    let res2 = client.try_set_fee_bps(&dst_eid, &Some(10_001u32));
+    let res2 = client.try_set_fee_bps(&dst_eid, &Some(10_001u32), &contract_id);
     assert_eq!(res2.err().unwrap().ok().unwrap(), OFTFeeError::InvalidFeeBps.into());
 }
 
 #[test]
 fn test_set_fee_bps_set_and_remove() {
-    let TestSetup { client, .. } = setup();
+    let TestSetup { client, contract_id, .. } = setup();
     let dst_eid = 101u32;
 
-    client.set_fee_bps(&dst_eid, &Some(200u32));
+    client.set_fee_bps(&dst_eid, &Some(200u32), &contract_id);
     assert_eq!(client.fee_bps(&dst_eid), Some(200u32));
     assert_eq!(client.effective_fee_bps(&dst_eid), 200u32);
 
-    client.set_default_fee_bps(&Some(111u32));
-    client.set_fee_bps(&dst_eid, &None);
+    client.set_default_fee_bps(&Some(111u32), &contract_id);
+    client.set_fee_bps(&dst_eid, &None, &contract_id);
     assert_eq!(client.fee_bps(&dst_eid), None);
     assert_eq!(client.effective_fee_bps(&dst_eid), 111u32);
 }
@@ -195,19 +207,19 @@ fn test_charge_fee_errors_without_deposit_address() {
 
 #[test]
 fn test_set_fee_deposit_address_same_value() {
-    let TestSetup { client, fee_deposit, .. } = setup();
+    let TestSetup { client, contract_id, fee_deposit, .. } = setup();
 
     let fee_deposit_opt = Some(fee_deposit);
-    client.set_fee_deposit_address(&fee_deposit_opt);
-    let res = client.try_set_fee_deposit_address(&fee_deposit_opt);
+    client.set_fee_deposit_address(&fee_deposit_opt, &contract_id);
+    let res = client.try_set_fee_deposit_address(&fee_deposit_opt, &contract_id);
     assert_eq!(res.err().unwrap().ok().unwrap(), OFTFeeError::SameValue.into());
 }
 
 #[test]
 fn test_charge_fee_zero_amount_no_transfer() {
-    let TestSetup { env, client, token, from, fee_deposit, .. } = setup();
+    let TestSetup { env, client, contract_id, token, from, fee_deposit, .. } = setup();
 
-    client.set_fee_deposit_address(&Some(fee_deposit.clone()));
+    client.set_fee_deposit_address(&Some(fee_deposit.clone()), &contract_id);
 
     let token_client = TokenClient::new(&env, &token);
     let from_before = token_client.balance(&from);
@@ -222,9 +234,9 @@ fn test_charge_fee_zero_amount_no_transfer() {
 
 #[test]
 fn test_charge_fee_transfers() {
-    let TestSetup { env, client, token, from, fee_deposit, .. } = setup();
+    let TestSetup { env, client, contract_id, token, from, fee_deposit, .. } = setup();
 
-    client.set_fee_deposit_address(&Some(fee_deposit.clone()));
+    client.set_fee_deposit_address(&Some(fee_deposit.clone()), &contract_id);
 
     let token_client = TokenClient::new(&env, &token);
     let from_before = token_client.balance(&from);
@@ -238,10 +250,10 @@ fn test_charge_fee_transfers() {
 
 #[test]
 fn test_fee_view_computes_correct_fee() {
-    let TestSetup { client, fee_deposit, .. } = setup();
+    let TestSetup { client, contract_id, fee_deposit, .. } = setup();
 
-    client.set_fee_deposit_address(&Some(fee_deposit));
-    client.set_default_fee_bps(&Some(100u32)); // 1%
+    client.set_fee_deposit_address(&Some(fee_deposit), &contract_id);
+    client.set_default_fee_bps(&Some(100u32), &contract_id); // 1%
 
     let fee = client.fee_view(&999u32, &10_000i128);
     assert_eq!(fee, 100); // 1% of 10,000