test: assert milestone approvals auto-expire via temporary TTL #673
Open
T-kesh wants to merge 2 commits into
Add TTL-expiry coverage for milestone approvals stored in temporary storage with PENDING_APPROVAL_TTL_LEDGERS (7 days):

- approval_expiry.rs: advance the ledger past the TTL and assert release_milestone fails with InsufficientApprovals across every ReleaseAuthorization mode (ClientOnly, ArbiterOnly, ClientAndArbiter, MultiSig), including the MultiSig case where one approval expires before the second arrives. Covers exactly-at-TTL, one-ledger-past-TTL, and bump-on-read refresh edge cases.
- ttl_tests.rs: exercise the ttl helpers directly (compute_expiry, store_with_ttl, read_if_live, extend_if_below_threshold, remove_transient, has_transient) and the approvals::check_approvals fail-closed path for approval and migration TTL constants.
- Document approval TTL / bump-on-read semantics in docs/escrow/README.md.
- Remove the orphaned src/test_approval_expiry.rs (never wired into the module tree); its coverage now lives under src/test/.

No production changes (per issue Talenttrust#467).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…al-ttl-expiry

# Conflicts:
# contracts/escrow/src/test/mod.rs
# docs/escrow/README.md

@T-kesh Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Closes #467
Summary
Adds test coverage proving that milestone approvals stored in temporary storage with PENDING_APPROVAL_TTL_LEDGERS (7 days ≈ 120,960 ledgers) actually stop a release once the TTL elapses. check_approvals already treats an expired/absent record as InsufficientApprovals (fail-closed); the existing inline tests only covered approval and duplicate rejection and never advanced the ledger past the TTL. These tests close that gap.
No production changes — this PR is test + documentation only, as the issue specifies.
What's included
- contracts/escrow/src/test/approval_expiry.rs — End-to-end tests through the public EscrowClient API:
  - Approve a milestone, advance env.ledger() sequence beyond PENDING_APPROVAL_TTL_LEDGERS, and assert release_milestone fails with InsufficientApprovals.
  - Covers every ReleaseAuthorization mode: ClientOnly, ArbiterOnly, ClientAndArbiter, and MultiSig.
  - MultiSig expiry race: one party's approval expires before the second arrives → release fails; re-approving the expired leg then succeeds.
  - Edge cases: exactly-at-TTL (still live), one ledger past TTL (evicted), and bump-on-read refresh (a read within PENDING_APPROVAL_BUMP_THRESHOLD of expiry renews the TTL).
  - Per-milestone TTL independence.
- contracts/escrow/src/test/ttl_tests.rs — Unit coverage of the ttl helpers via env.as_contract (compute_expiry, store_with_ttl, read_if_live, extend_if_below_threshold, remove_transient, has_transient) plus an integration submodule exercising approvals::approve_milestone / approvals::check_approvals across the TTL boundary, for both approval and migration TTL constants.
- docs/escrow/README.md — Documents approval TTL / auto-expiry, fail-closed semantics, and the bump-on-read refresh behavior.
- Removed the orphaned contracts/escrow/src/test_approval_expiry.rs (it was never wired into the module tree); its coverage now lives under src/test/.
Security assumption validated
Expired approvals cannot release funds: once the temporary record is auto-evicted, check_approvals returns InsufficientApprovals and release_milestone is rejected across all authorization modes.
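
The TTL boundary, bump-on-read and fail-closed behaviour listed in the description above, as an added model in plain Rust; it is not the contract's code and does not use soroban-sdk. The `Approvals` type, its methods and the 1,000-ledger bump threshold are assumptions; only the 120,960-ledger TTL and the `InsufficientApprovals` error name come from the page.

```rust
use std::collections::HashMap;

const PENDING_APPROVAL_TTL_LEDGERS: u32 = 120_960; // 7 days, as stated on the page
const PENDING_APPROVAL_BUMP_THRESHOLD: u32 = 1_000; // constructed value (assumption)

#[derive(Debug, PartialEq)]
enum ReleaseError { InsufficientApprovals }

/// Hypothetical stand-in for temporary storage:
/// (milestone, approver) -> last ledger at which the record is still live.
#[derive(Default)]
struct Approvals { live_until: HashMap<(u32, &'static str), u32> }

impl Approvals {
    fn approve(&mut self, milestone: u32, who: &'static str, now: u32) {
        self.live_until.insert((milestone, who), now + PENDING_APPROVAL_TTL_LEDGERS);
    }

    /// An expired record is evicted and reads as absent. A live record with
    /// fewer than the threshold ledgers remaining is renewed (bump-on-read).
    fn is_live(&mut self, milestone: u32, who: &'static str, now: u32) -> bool {
        let key = (milestone, who);
        match self.live_until.get(&key).copied() {
            Some(until) if now <= until => {
                if until - now < PENDING_APPROVAL_BUMP_THRESHOLD {
                    self.live_until.insert(key, now + PENDING_APPROVAL_TTL_LEDGERS);
                }
                true
            }
            Some(_) => { self.live_until.remove(&key); false }
            None => false,
        }
    }

    /// Fail closed: a missing or expired approval from any required party blocks release.
    fn check(&mut self, milestone: u32, required: &[&'static str], now: u32) -> Result<(), ReleaseError> {
        let mut all_live = true;
        for who in required { all_live &= self.is_live(milestone, *who, now); }
        if all_live { Ok(()) } else { Err(ReleaseError::InsufficientApprovals) }
    }
}

fn main() {
    let mut a = Approvals::default();
    a.approve(1, "client", 100);
    let past_ttl = 100 + PENDING_APPROVAL_TTL_LEDGERS + 1;
    println!("{:?}", a.check(1, &["client"], past_ttl));
}
```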