Skip to content

Resolves three open issues by implementing the required modules, fixing compilation errors, and closing a critical security bug.#537

Merged
Smartdevs17 merged 4 commits into
Smartdevs17:mainfrom
JONAH-6:main
Jun 24, 2026
Merged

Resolves three open issues by implementing the required modules, fixing compilation errors, and closing a critical security bug.#537
Smartdevs17 merged 4 commits into
Smartdevs17:mainfrom
JONAH-6:main

Conversation

@JONAH-6

@JONAH-6 JONAH-6 commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

What This PR Does

Resolves three open issues by implementing the required modules, fixing compilation errors, and closing a critical governance security bug.

Changes by File

contracts/hello-world/src/storage.rs

  • Rewrote incomplete storage definitions
  • Added missing GovernanceDataKey, DataKey, and GuardianConfig
  • Fixed compilation failures affecting governance, recovery, timelock, and credit-score modules

contracts/hello-world/src/governance.rs

  • Fixed critical flash-loan governance attack
  • Removed live balance overwrite that bypassed snapshot-based voting protections

contracts/hello-world/src/governance_test.rs

  • Replaced placeholder tests with behavioural governance tests
  • Added lifecycle, voting, execution, multisig, and integration coverage

contracts/hello-world/src/lib.rs

  • Fixed governance test module path resolution
  • Ensured src/governance_test.rs is compiled correctly

contracts/lending/src/insurance.rs

  • Added missing Vec imports required by insurance pool logic

Security Fix

The governance vote() flow was vulnerable to flash-loan voting manipulation.

Snapshot-based voting power was correctly calculated, but then overwritten using a live token balance, allowing temporary borrowed balances to influence governance voting.

This PR removes the overwrite and restores proper snapshot-based protection.


Testing

  • Added governance behavioural tests
  • Verified proposal lifecycle logic
  • Verified voting execution flow
  • Verified timelock handling
  • Verified multisig operations
  • Verified event validation paths

Closes #332
Closes #329
Closes #330
Closes #331

@vercel

vercel Bot commented Jun 24, 2026

Copy link
Copy Markdown

@JONAH-6 is attempting to deploy a commit to the smartdevs17's projects Team on Vercel.

A member of the Team first needs to authorize it.

Resolved conflict in oracle/src/services/index.ts by retaining upstream
additions (TWAPService and ManipulationDetector exports).
@Smartdevs17 Smartdevs17 merged commit 0aea69d into Smartdevs17:main Jun 24, 2026
3 of 13 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

2 participants