
test(energy_token): add access control tests for unauthorized mint (#278)#1

Open
devSoniia wants to merge 1 commit into main from issue-278-energy-token-access-control

@devSoniia
Owner

Summary

Closes AnnabelJoe#278

The energy_token contract already enforces minter access control via minter.require_auth() in mint() and admin.require_auth() in set_minter(). This PR adds unit tests that verify unauthorized callers are rejected.

Changes

  • test_mint_unauthorized_caller_panics — calls mint() without mocking minter auth; expects host auth failure panic
  • test_mint_succeeds_with_minter_auth — calls mint() with explicit minter mock_auths; verifies balance updated
  • test_set_minter_unauthorized_caller_panics — calls set_minter() without admin auth; expects panic

Testing

cd apps/contracts && cargo test --package energy-token

…d set_minter

Closes AnnabelJoe#278

- test_mint_unauthorized_caller_panics: verifies mint() panics when called
  without minter auth (no mock_all_auths)
- test_mint_succeeds_with_minter_auth: verifies authorized minter can mint
- test_set_minter_unauthorized_caller_panics: verifies set_minter() panics
  without admin auth

The minter role, set_minter(), and require_auth() were already implemented;
these tests provide coverage for the unauthorized-caller acceptance criteria.
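
The access-control pattern these tests exercise, as an added stand-alone example (not code from this PR or the energy_token contract): a std-only Rust model, not soroban-sdk, in which `Env`, `mock_auth` and `TokenModel` are hypothetical names and a rejected call returns `Error::Unauthorized` instead of a host panic. It goes beyond the three listed tests by also checking that authorization for one function does not carry over to another and that a replaced minter can no longer mint.

```rust
use std::collections::HashMap;
#[derive(Debug, PartialEq)]
pub enum Error { Unauthorized }

// Constructed stand-in for the host: (address, function) pairs authorized for this test.
#[derive(Default)]
pub struct Env { auths: Vec<(String, &'static str)> }
impl Env {
    // Explicit, scoped authorization: one address, one function. Nothing is blanket-approved.
    pub fn mock_auth(&mut self, who: &str, func: &'static str) {
        self.auths.push((who.to_string(), func));
    }
    fn require_auth(&self, who: &str, func: &'static str) -> Result<(), Error> {
        let ok = self.auths.iter().any(|(a, f)| a == who && *f == func);
        if ok { Ok(()) } else { Err(Error::Unauthorized) }
    }
}

// Hypothetical model of the token's roles; field and method shapes are assumptions.
pub struct TokenModel { admin: String, minter: String, balances: HashMap<String, i128> }

impl TokenModel {
    pub fn new(admin: &str, minter: &str) -> Self {
        Self { admin: admin.into(), minter: minter.into(), balances: HashMap::new() }
    }
    pub fn mint(&mut self, env: &Env, to: &str, amount: i128) -> Result<(), Error> {
        env.require_auth(&self.minter, "mint")?; // auth check precedes any state change
        *self.balances.entry(to.to_string()).or_insert(0) += amount;
        Ok(())
    }
    pub fn set_minter(&mut self, env: &Env, new_minter: &str) -> Result<(), Error> {
        env.require_auth(&self.admin, "set_minter")?; // only the admin rotates the minter
        self.minter = new_minter.into();
        Ok(())
    }
    pub fn balance(&self, who: &str) -> i128 { self.balances.get(who).copied().unwrap_or(0) }
}

fn main() {
    let mut token = TokenModel::new("admin", "minter");
    let mut env = Env::default();
    assert_eq!(token.mint(&env, "alice", 100), Err(Error::Unauthorized)); // no auth at all
    env.mock_auth("minter", "mint");
    assert_eq!(token.mint(&env, "alice", 100), Ok(()));
    assert_eq!(token.set_minter(&env, "other"), Err(Error::Unauthorized)); // minter is not admin
    env.mock_auth("admin", "set_minter");
    token.set_minter(&env, "minter2").unwrap();
    assert_eq!(token.mint(&env, "alice", 1), Err(Error::Unauthorized)); // old minter revoked
    println!("alice balance: {}", token.balance("alice"));
}
```
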
@github-actions

🔍 Vercel Preview Deployment

URL: Learn More: https://err.sh/vercel/no-credentials-found

Uses Stellar testnet contract addresses.

@github-actions

✅ cargo audit

    Updating crates.io index
     Locking 188 packages to latest compatible versions
      Adding arbitrary v1.3.2 (available: v1.4.2)
      Adding crypto-common v0.1.6 (available: v0.1.7)
      Adding darling v0.23.0 (requires Rust 1.88.0)
      Adding darling_core v0.23.0 (requires Rust 1.88.0)
      Adding darling_macro v0.23.0 (requires Rust 1.88.0)
      Adding derive_arbitrary v1.3.2 (available: v1.4.2)
      Adding serde_with v3.20.0 (requires Rust 1.88)
      Adding serde_with_macros v3.20.0 (requires Rust 1.88)
      Adding soroban-builtin-sdk-macros v23.0.1 (available: v23.0.2)
      Adding soroban-env-common v23.0.1 (available: v23.0.2)
      Adding soroban-env-guest v23.0.1 (available: v23.0.2)
      Adding soroban-env-host v23.0.1 (available: v23.0.2)
      Adding soroban-env-macros v23.0.1 (available: v23.0.2)
      Adding soroban-sdk v23.5.3 (available: v25.3.0)
      Adding time v0.3.47 (requires Rust 1.88.0)
      Adding time-core v0.1.8 (requires Rust 1.88.0)
      Adding time-macros v0.2.27 (requires Rust 1.88.0)
    Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1098 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (192 crate dependencies)
Crate:     derivative
Version:   2.2.0
Warning:   unmaintained
Title:     `derivative` is unmaintained; consider using an alternative
Date:      2024-06-26
ID:        RUSTSEC-2024-0388
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0388
Dependency tree:
derivative 2.2.0
├── ark-poly 0.4.2
│   └── ark-ec 0.4.2
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── ark-bls12-381 0.4.0
│           └── soroban-env-host 23.0.1
├── ark-ff 0.4.2
│   ├── soroban-env-host 23.0.1
│   ├── ark-poly 0.4.2
│   ├── ark-ec 0.4.2
│   └── ark-bls12-381 0.4.0
└── ark-ec 0.4.2

Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── wasmi_core 0.13.0
│   └── soroban-wasmi 0.31.1-soroban.20.0.1
│       ├── soroban-env-host 23.0.1
│       │   ├── soroban-sdk 23.5.3
│       │   │   ├── multisig-admin 1.0.0
│       │   │   ├── energy-token 1.0.0
│       │   │   ├── community-governance 1.0.0
│       │   │   └── audit-registry 1.0.0
│       │   └── soroban-ledger-snapshot 23.5.3
│       │       └── soroban-sdk 23.5.3
│       └── soroban-env-common 23.0.1
│           ├── soroban-sdk-macros 23.5.3
│           │   └── soroban-sdk 23.5.3
│           ├── soroban-ledger-snapshot 23.5.3
│           ├── soroban-env-host 23.0.1
│           └── soroban-env-guest 23.0.1
│               └── soroban-sdk 23.5.3
└── ark-ff 0.4.2
    ├── soroban-env-host 23.0.1
    ├── ark-poly 0.4.2
    │   └── ark-ec 0.4.2
    │       ├── soroban-env-host 23.0.1
    │       └── ark-bls12-381 0.4.0
    │           └── soroban-env-host 23.0.1
    ├── ark-ec 0.4.2
    └── ark-bls12-381 0.4.0

warning: 2 allowed warnings found


Development

Successfully merging this pull request may close these issues.

Add access control to energy_token mint function
