Skip to content

feat: implement multi-admin and multisig governance with build fixes #383

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
greatest0fallt1me merged 1 commit into from
Feb 26, 2026
+75 −75
Merged

feat: implement multi-admin and multisig governance with build fixes #383

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
88 changes: 44 additions & 44 deletions contracts/predictify-hybrid/src/admin.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,11 +63,11 @@ pub enum AdminPermission {
/// Collect fees
CollectFees,
/// Manage disputes
ManageDisputes,
ManageDispute,
/// View analytics
ViewAnalytics,
ViewAnalytic,
/// Emergency actions
EmergencyActions,
Emergency,
}

/// Admin action record
Expand Down Expand Up @@ -827,9 +827,9 @@ impl AdminAccessControl {
/// | `"update_config"` | `AdminPermission::UpdateConfig` |
/// | `"reset_config"` | `AdminPermission::ResetConfig` |
/// | `"collect_fees"` | `AdminPermission::CollectFees` |
/// | `"manage_disputes"` | `AdminPermission::ManageDisputes` |
/// | `"view_analytics"` | `AdminPermission::ViewAnalytics` |
/// | `"emergency_actions"` | `AdminPermission::EmergencyActions` |
/// | `"manage_disputes"` | `AdminPermission::ManageDispute` |
/// | `"view_analytics"` | `AdminPermission::ViewAnalytic` |
/// | `"emergency_actions"` | `AdminPermission::Emergency` |
///
/// # Use Cases
///
Expand All @@ -855,9 +855,9 @@ impl AdminAccessControl {
"update_config" => Ok(AdminPermission::UpdateConfig),
"reset_config" => Ok(AdminPermission::ResetConfig),
"collect_fees" => Ok(AdminPermission::CollectFees),
"manage_disputes" => Ok(AdminPermission::ManageDisputes),
"view_analytics" => Ok(AdminPermission::ViewAnalytics),
"emergency_actions" => Ok(AdminPermission::EmergencyActions),
"manage_disputes" => Ok(AdminPermission::ManageDispute),
"view_analytics" => Ok(AdminPermission::ViewAnalytic),
"emergency_actions" => Ok(AdminPermission::Emergency),
_ => Err(Error::InvalidInput),
}
}
Expand Down Expand Up @@ -891,7 +891,7 @@ impl AdminRoleManager {
/// # Errors
///
/// This function returns specific errors:
/// - `Error::Unauthorized` - Assigner lacks EmergencyActions permission
/// - `Error::Unauthorized` - Assigner lacks Emergency permission
/// - Permission validation errors from AdminAccessControl
/// - Storage operation errors
///
Expand Down Expand Up @@ -933,14 +933,14 @@ impl AdminRoleManager {
///
/// The assignment process:
/// 1. **Bootstrap Check**: First assignment bypasses permission validation
/// 2. **Permission Validation**: Subsequent assignments require EmergencyActions permission
/// 2. **Permission Validation**: Subsequent assignments require Emergency permission
/// 3. **Role Creation**: Creates AdminRoleAssignment with timestamp and permissions
/// 4. **Storage Update**: Stores assignment in persistent storage
/// 5. **Event Emission**: Emits role assignment event for monitoring
///
/// # Security
///
/// Only admins with EmergencyActions permission can assign roles to others.
/// Only admins with Emergency permission can assign roles to others.
/// The first admin assignment (bootstrapping) bypasses this check to enable
/// initial contract setup.
pub fn assign_role(
Expand All @@ -960,7 +960,7 @@ impl AdminRoleManager {
AdminAccessControl::validate_permission(
env,
assigned_by,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;
}

Expand Down Expand Up @@ -1179,7 +1179,7 @@ impl AdminRoleManager {
/// # Returns
///
/// Returns `Vec<AdminPermission>` containing all permissions for the role.
/// The vector is never empty - even ReadOnlyAdmin has ViewAnalytics permission.
/// The vector is never empty - even ReadOnlyAdmin has ViewAnalytic permission.
///
/// # Example
///
Expand All @@ -1196,7 +1196,7 @@ impl AdminRoleManager {
///
/// println!("SuperAdmin has {} permissions", super_permissions.len());
/// assert!(super_permissions.contains(&AdminPermission::Initialize));
/// assert!(super_permissions.contains(&AdminPermission::EmergencyActions));
/// assert!(super_permissions.contains(&AdminPermission::Emergency));
///
/// // Get permissions for MarketAdmin
/// let market_permissions = AdminRoleManager::get_permissions_for_role(
Expand All @@ -1213,19 +1213,19 @@ impl AdminRoleManager {
/// **SuperAdmin** (12 permissions):
/// - Initialize, CreateMarket, CloseMarket, FinalizeMarket
/// - ExtendMarket, UpdateFees, UpdateConfig, ResetConfig
/// - CollectFees, ManageDisputes, ViewAnalytics, EmergencyActions
/// - CollectFees, ManageDispute, ViewAnalytic, Emergency
///
/// **MarketAdmin** (5 permissions):
/// - CreateMarket, CloseMarket, FinalizeMarket, ExtendMarket, ViewAnalytics
/// - CreateMarket, CloseMarket, FinalizeMarket, ExtendMarket, ViewAnalytic
///
/// **ConfigAdmin** (3 permissions):
/// - UpdateConfig, ResetConfig, ViewAnalytics
/// - UpdateConfig, ResetConfig, ViewAnalytic
///
/// **FeeAdmin** (3 permissions):
/// - UpdateFees, CollectFees, ViewAnalytics
/// - UpdateFees, CollectFees, ViewAnalytic
///
/// **ReadOnlyAdmin** (1 permission):
/// - ViewAnalytics
/// - ViewAnalytic
///
/// # Use Cases
///
Expand Down Expand Up @@ -1255,31 +1255,31 @@ impl AdminRoleManager {
AdminPermission::UpdateConfig,
AdminPermission::ResetConfig,
AdminPermission::CollectFees,
AdminPermission::ManageDisputes,
AdminPermission::ViewAnalytics,
AdminPermission::EmergencyActions,
AdminPermission::ManageDispute,
AdminPermission::ViewAnalytic,
AdminPermission::Emergency,
],
AdminRole::MarketAdmin => soroban_sdk::vec![
env,
AdminPermission::CreateMarket,
AdminPermission::CloseMarket,
AdminPermission::FinalizeMarket,
AdminPermission::ExtendMarket,
AdminPermission::ViewAnalytics,
AdminPermission::ViewAnalytic,
],
AdminRole::ConfigAdmin => soroban_sdk::vec![
env,
AdminPermission::UpdateConfig,
AdminPermission::ResetConfig,
AdminPermission::ViewAnalytics,
AdminPermission::ViewAnalytic,
],
AdminRole::FeeAdmin => soroban_sdk::vec![
env,
AdminPermission::UpdateFees,
AdminPermission::CollectFees,
AdminPermission::ViewAnalytics,
AdminPermission::ViewAnalytic,
],
AdminRole::ReadOnlyAdmin => soroban_sdk::vec![env, AdminPermission::ViewAnalytics,],
AdminRole::ReadOnlyAdmin => soroban_sdk::vec![env, AdminPermission::ViewAnalytic,],
}
}

Expand All @@ -1293,7 +1293,7 @@ impl AdminRoleManager {
AdminAccessControl::validate_permission(
env,
deactivated_by,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

// Use a simple fixed key for admin role storage
Expand Down Expand Up @@ -1332,7 +1332,7 @@ impl AdminManager {
AdminAccessControl::validate_permission(
env,
current_admin,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

// Prevent duplicate admin assignments
Expand Down Expand Up @@ -1378,7 +1378,7 @@ impl AdminManager {
AdminAccessControl::validate_permission(
env,
current_admin,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

// Prevent self-removal of last super admin
Expand Down Expand Up @@ -1419,7 +1419,7 @@ impl AdminManager {
AdminAccessControl::validate_permission(
env,
current_admin,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

let admin_key = Self::get_admin_key(env, target_admin);
Expand Down Expand Up @@ -1602,7 +1602,7 @@ impl AdminManager {
AdminAccessControl::validate_permission(
env,
current_admin,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

let admin_key = Self::get_admin_key(env, target_admin);
Expand All @@ -1628,7 +1628,7 @@ impl AdminManager {
AdminAccessControl::validate_permission(
env,
current_admin,
&AdminPermission::EmergencyActions,
&AdminPermission::Emergency,
)?;

let admin_key = Self::get_admin_key(env, target_admin);
Expand All @@ -1654,7 +1654,7 @@ pub struct MultisigManager;
impl MultisigManager {
/// Set the multisig threshold (M-of-N)
pub fn set_threshold(env: &Env, admin: &Address, threshold: u32) -> Result<(), Error> {
AdminAccessControl::validate_permission(env, admin, &AdminPermission::EmergencyActions)?;
AdminAccessControl::validate_permission(env, admin, &AdminPermission::Emergency)?;

let total_admins = Self::count_active_admins(env);
if threshold == 0 || threshold > total_admins {
Expand Down Expand Up @@ -1691,7 +1691,7 @@ impl MultisigManager {
target: Address,
data: Map<String, String>,
) -> Result<u64, Error> {
AdminAccessControl::validate_permission(env, initiator, &AdminPermission::EmergencyActions)?;
AdminAccessControl::validate_permission(env, initiator, &AdminPermission::Emergency)?;

let action_id = Self::get_next_action_id(env);
let mut approvals = Vec::new(env);
Expand All @@ -1717,7 +1717,7 @@ impl MultisigManager {

/// Approve a pending action
pub fn approve_action(env: &Env, admin: &Address, action_id: u64) -> Result<bool, Error> {
AdminAccessControl::validate_permission(env, admin, &AdminPermission::EmergencyActions)?;
AdminAccessControl::validate_permission(env, admin, &AdminPermission::Emergency)?;

let key = Self::get_action_key(env, action_id);
let mut action: PendingAdminAction = env.storage().persistent().get(&key).ok_or(Error::ConfigNotFound)?;
Expand Down Expand Up @@ -3260,14 +3260,14 @@ impl AdminUtils {
AdminPermission::CollectFees => {
String::from_str(&soroban_sdk::Env::default(), "CollectFees")
}
AdminPermission::ManageDisputes => {
String::from_str(&soroban_sdk::Env::default(), "ManageDisputes")
AdminPermission::ManageDispute => {
String::from_str(&soroban_sdk::Env::default(), "ManageDispute")
}
AdminPermission::ViewAnalytics => {
String::from_str(&soroban_sdk::Env::default(), "ViewAnalytics")
AdminPermission::ViewAnalytic => {
String::from_str(&soroban_sdk::Env::default(), "ViewAnalytic")
}
AdminPermission::EmergencyActions => {
String::from_str(&soroban_sdk::Env::default(), "EmergencyActions")
AdminPermission::Emergency => {
String::from_str(&soroban_sdk::Env::default(), "Emergency")
}
}
}
Expand Down Expand Up @@ -3768,11 +3768,11 @@ mod admin_manager_tests {
AdminPermission::UpdateFees
));

// ReadOnlyAdmin should only have ViewAnalytics
// ReadOnlyAdmin should only have ViewAnalytic
assert!(AdminManager::check_role_permissions(
&env,
AdminRole::ReadOnlyAdmin,
AdminPermission::ViewAnalytics
AdminPermission::ViewAnalytic
));
assert!(!AdminManager::check_role_permissions(
&env,
Expand Down
Loading
Loading