Skip to content

feat(tip20): implement burnAt to burn tokens from any address with BURN_AT_ROLE (TIP-1006)#2857

Draft
fgimenez wants to merge 7 commits intomainfrom
fgimenez/chain-758
Draft

feat(tip20): implement burnAt to burn tokens from any address with BURN_AT_ROLE (TIP-1006)#2857
fgimenez wants to merge 7 commits intomainfrom
fgimenez/chain-758

Conversation

@fgimenez
Copy link
Member

@fgimenez fgimenez commented Feb 25, 2026

Closes CHAIN-758

Implements burnAt(address from, uint256 amount), allows holders of BURN_AT_ROLE to burn tokens from any address without transfer policy restrictions. This complements the existing burnBlocked (which only works on policy-blocked addresses) and burn (which only burns from the caller's own balance).

  • Solidity reference impl (TIP20.sol, ITIP20.sol): Added BURN_AT_ROLE constant, BurnAt event, and burnAt function with protected address checks (FeeManager, StablecoinDEX) and reward accounting
  • Invariant tests (invariants/TIP20.t.sol): tests for supply conservation, role enforcement, and protected address invariants
  • Rust precompile (tip20/mod.rs, dispatch.rs, tip20.rs): Precompile dispatch, implementation, and integration tests mirroring the Solidity behavior

@fgimenez fgimenez requested a review from a team February 25, 2026 16:37
@fgimenez fgimenez added C-enhancement New feature or request A-precompile Related to precompiles agentic-audit labels Feb 25, 2026
tempoxyz-bot

This comment was marked as outdated.

Sign in to view

tempoxyz-bot

This comment was marked as outdated.

Sign in to view

legion2002 added a commit that referenced this pull request Feb 25, 2026
@legion2002
fix(ci): prevent duplicate pr-audit triggers on multi-label events
ca15eed 
When multiple labels are added simultaneously, GitHub fires a separate
labeled event per label. The old condition checked if the PR *has* the
agentic-audit label, which is true for all events. This caused N audit
runs for N labels added at once (e.g., 3 comments on PR #2857).

Fix: check github.event.label.name instead of scanning all labels.
@legion2002 legion2002 mentioned this pull request Feb 25, 2026
Merged
tempoxyz-bot

This comment was marked as outdated.

Sign in to view

github-merge-queue bot pushed a commit that referenced this pull request Feb 25, 2026
@legion2002
fix(ci): prevent duplicate pr-audit triggers on multi-label events (#…
e1350a2 
…2859)

## Problem

When multiple labels are added to a PR simultaneously (e.g.,
`C-enhancement`, `A-precompile`, `agentic-audit`), GitHub fires a
separate `labeled` event for **each** label. The old `if` condition
checked whether the PR _has_ the `agentic-audit` label:

```yaml
if: contains(github.event.pull_request.labels.*.name, 'agentic-audit')
```

Since all three events see the PR already has the label, **all three**
pass the condition and trigger an audit. This is what happened on PR
#2857 — 3 Ralph comments were posted.

## Fix

Check `github.event.label.name` (the label from the current event)
instead:

```yaml
if: github.event.label.name == 'agentic-audit' && github.event.pull_request.draft == false
```

Only the event where `agentic-audit` is the label being added will
trigger the audit.
@jenpaff jenpaff added the T2 label Feb 26, 2026
@tempoxyz-bot
Copy link

tempoxyz-bot commented Feb 26, 2026
edited
Loading

🐺 Ralph Security Review

1189f44

Worker Engine Progress Status
pr-2857-w1 gemini-3.1-pro-preview ✅ thread-1 🚨 thread-2 ✅ thread-3 Done
pr-2857-w2 amp/deep 🚨 thread-1 🚨 thread-2thread-3 Done

Findings

# Finding Severity Verification Threads
1 Ungated TIP20 burnAt Activation Can Split Consensus High ✅ Verified audit · verify
2 burnAt bypasses AccountKeychain spending limits for access-key signed transactions High ✅ Verified audit · verify
3 TIP20 burnAt Bypasses Spending Limit Checks High ⏩ Dup audit · verify

📋 Consolidation complete · Thread

📜 25 events

🔍 pr-2857-w1 iter 1/3 [audit-ripple.md]
🔍 pr-2857-w2 iter 1/3 [audit-focused.md]
🚨 pr-2857-w2 iter 1 — finding | Thread
🚨 Finding: Ungated TIP20 burnAt Activation Can Split Consensus (High) | Thread
🔍 pr-2857-w2 iter 2/3 [audit-ripple.md]
🔬 Verifying: Ungated TIP20 burnAt Activation Can Split Consensus | Thread
pr-2857-w1 iter 1 — clear | Thread
🔍 pr-2857-w1 iter 2/3 [audit-historical.md]
📋 Verify: Ungated TIP20 burnAt Activation Can Split Consensus → ✅ Verified | Thread
🚨 pr-2857-w2 iter 2 — finding | Thread
🚨 Finding: burnAt bypasses AccountKeychain spending limits for access-key signed transactions (High) | Thread
🔍 pr-2857-w2 iter 3/3 [audit-historical.md]
🔬 Verifying: burnAt bypasses AccountKeychain spending limits for access-key signed transactions | Thread
📋 Verify: burnAt bypasses AccountKeychain spending limits for access-key signed transactions → ✅ Verified | Thread
pr-2857-w2 iter 3 — clear | Thread
🏁 pr-2857-w2 done
🚨 pr-2857-w1 iter 2 — finding | Thread
🚨 Finding: TIP20 burnAt Bypasses Spending Limit Checks (High) | Thread
🔍 pr-2857-w1 iter 3/3 [audit-focused.md]
🔬 Verifying: TIP20 burnAt Bypasses Spending Limit Checks | Thread
pr-2857-w1 iter 3 — clear | Thread
🏁 pr-2857-w1 done
📋 Verify: TIP20 burnAt Bypasses Spending Limit Checks → ⏩ Dup | Thread
📦 Consolidation: running | Thread
📦 Consolidation: complete | Thread

tempoxyz-bot
tempoxyz-bot reviewed Feb 26, 2026
View reviewed changes
Copy link

@tempoxyz-bot tempoxyz-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🐺 Ralph Review — PR #2857

This PR adds burnAt to TIP20, allowing BURN_AT_ROLE holders to burn tokens from any address (except protected precompiles). Balance/supply accounting, protected-address guards, reward tracking, and event emission are correctly implemented with thorough tests.

2 high-severity findings were identified and verified. See inline comments.

@tempoxyz tempoxyz deleted a comment from tempoxyz-bot Feb 26, 2026
@tempoxyz tempoxyz deleted a comment from tempoxyz-bot Feb 26, 2026
@legion2002 legion2002 requested a review from a team February 26, 2026 01:27
@tempoxyz tempoxyz deleted a comment from tempoxyz-bot Feb 26, 2026
@jenpaff jenpaff marked this pull request as draft February 26, 2026 09:49
@github-actions
Copy link

github-actions bot commented Feb 26, 2026
edited
Loading

📊 Tempo Precompiles Coverage

📦 Download full HTML report

@goksu goksu removed the request for review from a team February 26, 2026 18:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tempoxyz-bot tempoxyz-bot tempoxyz-bot left review comments

@legion2002 legion2002 Awaiting requested review from legion2002 legion2002 is a code owner

@howydev howydev Awaiting requested review from howydev howydev is a code owner

@0xKitsune 0xKitsune Awaiting requested review from 0xKitsune 0xKitsune is a code owner

@danrobinson danrobinson Awaiting requested review from danrobinson danrobinson is a code owner

@dankrad dankrad Awaiting requested review from dankrad dankrad is a code owner

@0xrusowsky 0xrusowsky Awaiting requested review from 0xrusowsky 0xrusowsky is a code owner

@klkvr klkvr Awaiting requested review from klkvr klkvr is a code owner

@mattsse mattsse Awaiting requested review from mattsse mattsse is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

A-precompile Related to precompiles agentic-audit C-enhancement New feature or request T2

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fgimenez @tempoxyz-bot @jenpaff