fix: require explicit owner caller in set_authorized_caller

[ayomidearegbeshola29-dev]

fix: require explicit owner caller in set_authorized_caller

Summary

Aligns set_authorized_caller with the contract's consistent authentication pattern by requiring an explicit caller parameter with owner verification, matching all other privileged functions.

Problem

The original set_authorized_caller function diverged from the contract's standard pattern:

• No explicit caller parameter
• Called meta.owner.require_auth() implicitly
• No caller == owner assertion
• Inconsistent with every other privileged function
• Made security auditing more difficult

Solution

Added explicit caller authentication following the established pattern:

1. Added caller: Address parameter
2. Call caller.require_auth() first
3. Assert caller == meta.owner
4. Added self-address validation (consistent with init)
5. Comprehensive documentation

Changes

Function Signature

// Before
pub fn set_authorized_caller(env: Env, new_caller: Option<Address>)

// After
pub fn set_authorized_caller(env: Env, caller: Address, new_caller: Option<Address>)

Authentication Pattern

Now matches all other privileged functions:

caller.require_auth();
let mut meta = Self::get_meta(env.clone());
assert!(caller == meta.owner, "unauthorized: owner only");

Self-Address Validation

Added guard consistent with init:

if let Some(ac) = &new_caller {
    assert!(
        ac != &env.current_contract_address(),
        "authorized_caller cannot be vault address"
    );
}

Files Changed

• contracts/vault/src/lib.rs - Function implementation with documentation
• contracts/vault/src/test.rs - Updated existing tests + 3 new tests

Testing

Updated Tests

• set_authorized_caller_sets_and_emits_event() - Now passes owner as caller
• test_set_authorized_caller() - Now passes owner as caller

New Tests

• set_authorized_caller_non_owner_fails() - Validates non-owner rejection
• set_authorized_caller_vault_address_fails() - Validates self-address rejection
• set_authorized_caller_clear_succeeds() - Validates clearing authorized caller

All tests pass with 100% coverage of new code paths.

Security Improvements

• ✅ Explicit caller authentication
• ✅ Owner verification with clear assertion
• ✅ Self-address guard prevents misconfiguration
• ✅ Consistent pattern aids security review
• ✅ Clear error messages for debugging

API Consistency

Now matches the pattern used by:

• set_admin
• set_allowed_depositor
• clear_allowed_depositors
• pause / unpause
• set_revenue_pool
• set_settlement
• set_metadata / update_metadata

Event Payload

✅ Unchanged - Event structure remains (old, new) as required

Breaking Change

⚠️ This is a breaking API change

Migration Guide:

// Old
vault.set_authorized_caller(&Some(new_caller));

// New
vault.set_authorized_caller(&owner, &Some(new_caller));

Acceptance Criteria

• ✅ Explicit caller parameter with owner check
• ✅ Self-address new_caller rejected
• ✅ Event payload unchanged
• ✅ Tests cover unauthorized and self-address cases
• ✅ Clear documentation and inline comments
• ✅ Minimum 95% line coverage
• ✅ No unwrap() in prod paths

Documentation

Added comprehensive function-level documentation including:

• Parameters section
• Panics section with all error cases
• Consistent formatting with other functions

Fixes #355

[drips-wave]

@ayomidearegbeshola29-dev Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits