From b79848a7a2aa00b9e08884d7eab4fe9033f298de Mon Sep 17 00:00:00 2001 From: abdoolyaro <148596582+abdoolyaro@users.noreply.github.com> Date: Wed, 27 May 2026 11:14:07 +0100 Subject: [PATCH 1/6] Fixed auth_signature parameter to sweep function --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0be5bd8..040aca4 100644 --- a/README.md +++ b/README.md @@ -110,7 +110,7 @@ pub trait EphemeralAccountInterface { fn record_payment(env: Env, amount: i128, asset: Address) -> Result<(), Error>; // Execute sweep to permanent wallet - fn sweep(env: Env, destination: Address) -> Result<(), Error>; + fn sweep(env: Env, destination: Address, auth_signature: BytesN<64>) -> Result<(), Error>; // Check if account is expired fn is_expired(env: Env) -> bool; @@ -148,4 +148,4 @@ See [Security Audit Report](./docs/security-audit.md) (coming soon) ## License -MIT \ No newline at end of file +MIT From fb22117d2b1fae52b97dd1755665f2e0340898f4 Mon Sep 17 00:00:00 2001 From: abdoolyaro <148596582+abdoolyaro@users.noreply.github.com> Date: Wed, 27 May 2026 11:19:51 +0100 Subject: [PATCH 2/6] Clarify signature verification and authorization checks Added warning about the lack of on-chain signature verification and clarified authorization checks. --- contracts/ephemeral_account/src/lib.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contracts/ephemeral_account/src/lib.rs b/contracts/ephemeral_account/src/lib.rs index ad227e8..6b72853 100644 --- a/contracts/ephemeral_account/src/lib.rs +++ b/contracts/ephemeral_account/src/lib.rs 
@@ -357,9 +357,12 @@ impl EphemeralAccountContract { _destination: &Address, _signature: &BytesN<64>, ) -> Result<(), Error> { - // TODO: Implement proper signature verification - // For MVP, we rely on off-chain SDK to only call with valid auth - // Future: Verify signature against authorized signer + // ⚠️ MVP STUB: Signature verification is NOT enforced on-chain in this contract. + // Calling EphemeralAccount::sweep() directly bypasses all authorization checks. + // Authorization is only enforced when going through SweepController, which + // performs Ed25519 signature verification via authorization.rs. + // TODO: Implement on-chain signature verification against an authorized signer + // before production use. Ok(()) } From fc8033a206a6564b2234f4f372ccc86c9e500f95 Mon Sep 17 00:00:00 2001 From: abdoolyaro <148596582+abdoolyaro@users.noreply.github.com> Date: Wed, 27 May 2026 11:21:37 +0100 Subject: [PATCH 3/6] Update MVP warning for EphemeralAccount contract Clarified MVP warning about on-chain authorization enforcement. --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 040aca4..62362a5 100644 --- a/README.md +++ b/README.md @@ -116,7 +116,10 @@ pub trait EphemeralAccountInterface { fn is_expired(env: Env) -> bool; } ``` -> **⚠️ MVP:** **authorization is not yet enforced on-chain. +> **⚠️ MVP:** On-chain authorization is not enforced at the `EphemeralAccount` contract +> level. Calling `EphemeralAccount::sweep()` directly bypasses all signature verification. +> Authorization is only enforced when sweeps are routed through `SweepController`. +> Do not call `EphemeralAccount::sweep()` directly in production. See [Bridgelet Documentation](https://github.com/bridgelet-org/bridgelet) for full API reference. From 3b2f9cf881d91a69f2149fdbf4d52012e347fcba Mon Sep 17 00:00:00 2001 
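Review bot: The verification helper in this hunk still ends in an unconditional `Ok(())` and ignores both `_destination` and `_signature`, so the new comment documents the authorization gap without closing it. Until on-chain Ed25519 verification exists here, the stub should fail closed for any caller other than the controller, for example by calling `require_auth()` on a stored `SweepController` address before `Ok(())`. Whether this contract stores such an address is not visible in the hunk, so treat that shape as a sketch. A test asserting that a direct `sweep` with an arbitrary 64-byte signature is rejected would keep the stub from reaching production unnoticed. The helper's signature begins above the hunk.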
From: abdoolyaro <148596582+abdoolyaro@users.noreply.github.com> Date: Wed, 27 May 2026 11:34:11 +0100 Subject: [PATCH 4/6] Modify initialize to accept creator address Updated the initialize function to accept and verify the creator address. --- contracts/sweep_controller/src/lib.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/contracts/sweep_controller/src/lib.rs b/contracts/sweep_controller/src/lib.rs index c85e819..8c556a0 100644 --- a/contracts/sweep_controller/src/lib.rs +++ b/contracts/sweep_controller/src/lib.rs @@ -30,17 +30,16 @@ impl SweepController { env: Env, authorized_signer: BytesN<32>, authorized_destination: Option
, + creator: Address, ) -> Result<(), Error> { // Check if already initialized if storage::get_authorized_signer(&env).is_some() { return Err(Error::AuthorizationFailed); } - // Store the creator address - // In Soroban SDK 22.0.0, we need to pass creator as a parameter - // For now, we'll use the contract address as a placeholder - // TODO: Update to accept creator as parameter if needed - let creator = env.current_contract_address(); + + // Verify and store the creator address + creator.require_auth(); storage::set_creator(&env, &creator); // Store the authorized signer public key From e72583b8dc30d66280ae3e2a8a9d83d19ab5c06b Mon Sep 17 00:00:00 2001 From: Ummi-001 Date: Sat, 30 May 2026 03:28:47 +0100 Subject: [PATCH 5/6] docs: add ReserveContract to README.md (#38) --- README.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 0be5bd8..ac2193d 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,13 @@ Handles fund transfers: - Handles multi-asset transfers - Reclaims base reserves +### 3. ReserveContract +Stores and exposes the Stellar base reserve configuration: +- Admin-controlled base reserve amount (stored in stroops) +- Distinguishes user funds from network overhead in ephemeral accounts +- TTL management to prevent contract data archival +- Event emission for reserve updates and auditability + ## Project Structure contracts/ @@ -47,13 +54,22 @@ contracts/ │ ├── src/ │ │ ├── lib.rs │ │ ├── authorization.rs -│ │ └── transfers.rs +│ │ ├── transfers.rs +│ │ ├── storage.rs # State management +│ │ └── errors.rs # Error types +│ └── Cargo.toml +├── reserve_contract/ # ← NEW +│ ├── src/ +│ │ ├── lib.rs # Main contract │ │ ├── storage.rs # State management +│ │ ├── events.rs # Event definitions │ │ └── errors.rs # Error types │ └── Cargo.toml └── shared/ -└── types.rs # Shared types - + ├── src/ + │ ├── lib.rs + │ └── types.rs + └── Cargo.toml ## Prerequisites ```bash # Install Rust 
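Review bot: `creator.require_auth()` only proves that the caller of `initialize` controls the `creator` address they passed in; it does not restrict who may initialize, so the first caller after deployment still chooses `authorized_signer`, `authorized_destination` and `creator`. If deployment and initialization happen in separate transactions, that leaves a window for an initialization front-run; moving this logic into the SDK 22 `__constructor`, or deploying and initializing atomically, would close it. The added `creator` parameter also changes the call signature while the diffstat lists only `lib.rs`, so existing callers and tests presumably still pass two arguments and should be checked. Returning `Error::AuthorizationFailed` for the already-initialized case conflates two different failures; a dedicated variant would make re-initialization attempts easier to monitor. The function's signature and the rest of its body lie outside the hunk.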
From a4324dc715d553f28ff1f5762b2f269f53d685ab Mon Sep 17 00:00:00 2001 From: texasich Date: Sat, 30 May 2026 16:36:14 +0000 Subject: [PATCH 6/6] feat: scaffold native_transfer contract Add empty contract structure following ephemeral_account pattern: - contracts/native_transfer/Cargo.toml with soroban-sdk 22.0.0 - contracts/native_transfer/src/lib.rs with #![no_std] and empty contract - contracts/native_transfer/src/errors.rs with placeholder error enum - contracts/native_transfer/src/events.rs (empty) - contracts/native_transfer/src/test.rs (empty test module) Closes #48 --- Cargo.toml | 1 + contracts/native_transfer/Cargo.toml | 28 +++++++++++++++++++++++++ contracts/native_transfer/src/errors.rs | 8 +++++++ contracts/native_transfer/src/events.rs | 2 ++ contracts/native_transfer/src/lib.rs | 14 +++++++++++++ contracts/native_transfer/src/test.rs | 4 ++++ 6 files changed, 57 insertions(+) create mode 100644 contracts/native_transfer/Cargo.toml create mode 100644 contracts/native_transfer/src/errors.rs create mode 100644 contracts/native_transfer/src/events.rs create mode 100644 contracts/native_transfer/src/lib.rs create mode 100644 contracts/native_transfer/src/test.rs diff --git a/Cargo.toml b/Cargo.toml index 9859e32..5b7cdaf 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -5,4 +5,5 @@ members = [ "contracts/sweep_controller", "contracts/shared", "contracts/reserve_contract", + "contracts/native_transfer", ] diff --git a/contracts/native_transfer/Cargo.toml b/contracts/native_transfer/Cargo.toml new file mode 100644 index 0000000..8c652e5 --- /dev/null +++ b/contracts/native_transfer/Cargo.toml 
@@ -0,0 +1,28 @@
+[package]
+name = "native_transfer"
+version = "0.1.0"
+edition = "2021"
+
+[lib]
+crate-type = ["cdylib", "rlib"]
+
+[dependencies]
+soroban-sdk = "22.0.0"
+bridgelet-shared = { path = "../shared", version = "0.1.0" }
+
+[dev-dependencies]
+soroban-sdk = { version = "22.0.0", features = ["testutils"] }
+
+[profile.release]
+opt-level = "z"
+overflow-checks = true
+debug = 0
+strip = "symbols"
+debug-assertions = false
+panic = "abort"
+codegen-units = 1
+lto = true
+
+[profile.release-with-logs]
+inherits = "release"
+debug-assertions = true
diff --git a/contracts/native_transfer/src/errors.rs b/contracts/native_transfer/src/errors.rs
new file mode 100644
index 0000000..971961f
--- /dev/null
+++ b/contracts/native_transfer/src/errors.rs
@@ -0,0 +1,8 @@
+use soroban_sdk::contracterror;
+
+#[contracterror]
+#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Ord)]
+#[repr(u32)]
+pub enum Error {
+ Placeholder = 1,
+}
diff --git a/contracts/native_transfer/src/events.rs b/contracts/native_transfer/src/events.rs
new file mode 100644
index 0000000..bfd3fc0
--- /dev/null
+++ b/contracts/native_transfer/src/events.rs
@@ -0,0 +1,2 @@
+// Events for the native_transfer contract.
+// Emitted during transfer lifecycle: initiated, completed, failed, etc.
diff --git a/contracts/native_transfer/src/lib.rs b/contracts/native_transfer/src/lib.rs
new file mode 100644
index 0000000..0329487
--- /dev/null
+++ b/contracts/native_transfer/src/lib.rs
@@ -0,0 +1,14 @@
+#![no_std]
+
+mod errors;
+mod events;
+#[cfg(test)]
+mod test;
+
+use soroban_sdk::{contract, contractimpl};
+
+#[contract]
+pub struct NativeTransferContract;
+
+#[contractimpl]
+impl NativeTransferContract {}
diff --git a/contracts/native_transfer/src/test.rs b/contracts/native_transfer/src/test.rs
new file mode 100644
index 0000000..8225e68
--- /dev/null
+++ b/contracts/native_transfer/src/test.rs
@@ -0,0 +1,4 @@
+#[cfg(test)]
+mod test {
+ // TODO: Add contract tests
+}
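Review bot: The `[profile.release]` and `[profile.release-with-logs]` tables in `contracts/native_transfer/Cargo.toml` will not take effect, because Cargo reads profiles only from the workspace root manifest and warns that profiles in member packages are ignored. That matters most for `overflow-checks = true`: if the root `Cargo.toml` does not carry the same setting, release builds of this contract fall back to the default of wrapping integer arithmetic. The root manifest's profile section is not shown in this patch, so confirm the settings there and replace the two tables here with a comment such as `# release profiles are defined in the workspace root Cargo.toml`.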
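Review bot: `src/test.rs` wraps its contents in a second `#[cfg(test)] mod test { … }` even though `lib.rs` already declares `#[cfg(test)] mod test;`, so tests would end up at `test::test` and clippy's `module_inception` lint is likely to flag the file. Drop the inner module and its attribute and put test items at the top level of `test.rs`, leaving only `// TODO: Add contract tests` until the first test is added.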