Skip to content

Harden the hashport-account contract test suite and review auth/overflow edge cases #52

Description

@chillwur

Summary

contracts/hashport-account/src/test.rs exists but should be pushed further given this contract directly custodies user funds — expand coverage of authorization and numeric edge cases before any mainnet use.

Description

Review contracts/hashport-account/src/lib.rs for every require_auth call site (set_owner, transfer) and add tests asserting each fails without proper authorization from a caller other than the owner.

Add tests for transfer with amount = 0, negative amounts (already guarded by Error::InvalidAmount — verify the guard), and i128::MAX to check for overflow behavior in the underlying token transfer.

Add a test for calling any method before __constructor runs (Self::owner currently .expect("not initialized") — confirm this panics cleanly rather than an unclear trap).

Consider whether a formal fuzzing pass (e.g. via proptest for amount ranges) is warranted given the contract holds real value; scope that as a follow-up if it's too large for this issue.

Deliverables

  • Expanded test.rs covering unauthorized-call, zero/negative/max-amount, and uninitialized-call cases
  • Written note on residual risk / recommended follow-up (e.g. fuzzing, external audit) before mainnet

Dependencies

None

Metadata

Metadata

Assignees

No one assigned

    Labels

    area: architectureCore system architecturearea: contractscontracts/hashport-account (Soroban)level: advancedCore architecture, senior/experienced-engineer scopetype: testingAdding or expanding tests

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions