fix(audit): paymaster onboarding cap, voting/vouch tests, dead-code cleanup #175
Open
hudsonhrh wants to merge 1 commit into
…ead-code cleanup

H4: per-account lifetime cap on solidarity-funded onboarding sponsorship (OnboardingConfig.maxOnboardingsPerAccount; 0 = unlimited so the upgrade can't brick onboarding; NOT refunded on failure so the cap actually bounds drain). Adds v18 cross-chain upgrade script + a Gnosis fork sim (PASS).

H2: HybridVoting safe-config invariants/scenario tests + HYBRID_VOTING.md note (ERC20_BAL reads live balanceOf; soulbound PT + gated mint authority bound inflation; 128k-call invariant shows unprivileged activity can't change supply).

H1: EligibilityModule vouch-gating characterization test (no contract change; on-chain Delegate hat is already gated — frontend validation tracked in poa-box/Poa-frontend#449).

Dead code: remove ~35 verified-unused library functions/errors/events/imports (BudgetLib, VotingMath/VotingErrors, HatManager, RoleResolver, EligibilityModule helpers, PaymasterHubErrors, unused imports + `using` directives).

Build: extract DeployerTest's 5 inline 14-field DeployConfig builders into a helper so the full FOUNDRY_PROFILE=production build compiles (was 1-slot stack-too-deep under via-IR + optimizer; default profile was always fine).

All 1394 tests pass; full production build clean; upgrade sim PASS on Gnosis fork.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implements the branch's security-audit fixes: the only contract change is H4 — a per-account lifetime cap on solidarity-funded onboarding sponsorship in `PaymasterHub` (`OnboardingConfig.maxOnboardingsPerAccount`; `0` = unlimited so the upgrade can't brick onboarding, and it is not refunded on failed ops so it actually bounds solidarity drain) — shipped with a v18 cross-chain upgrade script and a passing Gnosis fork sim. New tests cover H2 (HybridVoting safe-config invariants + scenario tests showing soulbound PT + gated mint authority bound vote-weight inflation, plus a `HYBRID_VOTING.md` note) and H1 (an `EligibilityModule` vouch-gating characterization test — no contract change, since the live Delegate hat is already gated; frontend config validation is tracked in poa-box/Poa-frontend#449). Cleanup removes ~35 verified-unused library functions/errors/events/imports, and refactors `DeployerTest`'s 5 inline 14-field `DeployConfig` builders into a helper so the full `FOUNDRY_PROFILE=production` build compiles (they sat 1 stack slot too deep under via-IR + optimizer; the default profile was always fine). All 1394 tests pass and the full production build is clean.

🤖 Generated with Claude Code
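
A toy model of the H4 accounting described above, added here as an illustration and not PaymasterHub's code: it compares a cap slot that is kept on failed ops with one that is handed back. The class, method names, gas figures and the assumption that a failed op still costs the fund are constructed; only `maxOnboardingsPerAccount` and the `0` = unlimited rule come from the PR.

```python
"""Toy model of a per-account lifetime onboarding cap (constructed example)."""
from dataclasses import dataclass, field


@dataclass
class OnboardingSponsor:
    # Mirrors OnboardingConfig.maxOnboardingsPerAccount; 0 means unlimited.
    max_onboardings_per_account: int
    # False is the behaviour the PR describes; True is the variant it rejects.
    refund_on_failure: bool
    # Hypothetical shared solidarity fund, in arbitrary gas units.
    solidarity_balance: int
    used: dict = field(default_factory=dict)

    def sponsor(self, account: str, gas_cost: int, op_succeeds: bool) -> bool:
        """Return True if the op was sponsored (fund charged), False if rejected."""
        cap = self.max_onboardings_per_account
        count = self.used.get(account, 0)
        if cap != 0 and count >= cap:
            return False  # lifetime cap reached for this account
        if gas_cost > self.solidarity_balance:
            return False  # fund cannot cover the op
        # The slot is consumed before the outcome of the op is known.
        self.used[account] = count + 1
        # Assumption: the fund pays for gas even when the sponsored op fails.
        self.solidarity_balance -= gas_cost
        if not op_succeeds and self.refund_on_failure:
            # Rejected design: giving the slot back lets failed ops repeat forever.
            self.used[account] = count
        return True


def drained_by_failing_ops(cap, refund_on_failure,
                           attempts=1000, gas_cost=10, fund=100_000):
    """Fund units spent when one account submits only failing onboarding ops."""
    hub = OnboardingSponsor(cap, refund_on_failure, fund)
    for _ in range(attempts):
        hub.sponsor("0xA11CE (constructed)", gas_cost, op_succeeds=False)
    return fund - hub.solidarity_balance


if __name__ == "__main__":
    print("cap=3, slot kept on failure:    ", drained_by_failing_ops(3, False))
    print("cap=3, slot refunded on failure:", drained_by_failing_ops(3, True))
    print("cap=0 (unlimited):              ", drained_by_failing_ops(0, False))
```

With the slot kept, the spend per account is bounded by the cap times the per-op cost; with a refund, or with the cap left at `0`, it grows with the number of attempts.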