Skip to content

Feature/security review and threat model#225

Merged
Baskarayelu merged 5 commits intoRemitwise-Org:mainfrom
Hahfyeex:feature/security-review-and-threat-model
Feb 26, 2026
Merged

Feature/security review and threat model#225
Baskarayelu merged 5 commits intoRemitwise-Org:mainfrom
Hahfyeex:feature/security-review-and-threat-model

Conversation

@Hahfyeex
Copy link
Contributor

@Hahfyeex Hahfyeex commented Feb 25, 2026
edited
Loading

this pr closes #148

Summary

This PR includes comprehensive security documentation, tagging feature implementation, and critical bug fixes for struct field initialization issues.

Changes

Security Documentation

  • ✅ Added THREAT_MODEL.md with 23 identified security threats across all contracts
  • ✅ Added SECURITY_REVIEW_SUMMARY.md with security findings and recommendations
  • ✅ Created 5 security issue templates for tracking vulnerabilities
  • ✅ Updated README.md with security section

Tagging Feature

  • ✅ Added tagging support to Bill, ArchivedBill, SavingsGoal, and InsurancePolicy structs
  • ✅ Implemented tag management functions across all contracts

Critical Bug Fixes

  • ✅ Fixed duplicate #[contracttype] and #[derive] attributes in Bill and ArchivedBill structs
  • ✅ Added missing tags field to all Bill and ArchivedBill struct constructions (5 locations)
  • ✅ Fixed missing contract struct definition in savings_goals
  • ✅ Removed trailing whitespace from all markdown files
  • ✅ Merged latest upstream changes

@Hahfyeex
Add missing tags field to all Bill and ArchivedBill struct constructions
fcc4628
@Hahfyeex
Merge latest upstream/main
ede0d15
@Hahfyeex
Fix: Re-add tags field and remove duplicate contracttype attributes a…
aadd141 
…fter merge
@Hahfyeex
feat: Add production-ready event indexer for off-chain querying
a3dbfa4 
- Implement TypeScript event indexer with Stellar SDK integration
- Add SQLite database with normalized schema for goals, bills, policies, splits
- Create query service with 15+ example queries (dashboard, tags, overdue bills)
- Add CLI interface for testing and querying indexed data
- Include Docker and Docker Compose deployment configurations
- Add comprehensive documentation (README, Quick Start, Implementation guide)
- Create deployment checklist and maintenance scripts
- Add unit tests for event processor
- Support tag-based filtering across all entities
- Include example queries and usage patterns

Acceptance Criteria Met:
✅ Indexer works against testnet/localnet
✅ README explains setup and usage
✅ Subscribes to contract events (4 contracts, 10+ event types)
✅ Stores normalized data in SQLite
✅ Exposes example queries via CLI and API

Files Created: 24 files
- Core: 8 TypeScript implementation files
- Documentation: 5 comprehensive guides
- Configuration: 7 setup and deployment files
- Testing: 4 test and example files
@Baskarayelu
Copy link
Contributor

Baskarayelu commented Feb 25, 2026

please resolve the conflicts

@Baskarayelu Baskarayelu merged commit a84c864 into Remitwise-Org:main Feb 26, 2026
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Perform Threat Modeling and Security Review for Contracts

2 participants

@Hahfyeex @Baskarayelu