Factory Deploys All Vaults with Factory's Own Admin — No Per-Vault Admin Override

[Jayy4rl]

Description

In _create_single_rwa_vault, the vault's admin field in InitParams is always set to get_admin(e) — the factory's admin. There is no way for the factory caller to specify a different admin for a newly deployed vault. This means:

1. Every vault is controlled by the same admin address
2. The factory admin has unilateral power over all deployed vaults
3. If different teams/operators need independent vaults with separate governance, they cannot use this factory
4. A compromised factory admin compromises every vault simultaneously

Why This Matters

In a multi-tenant RWA platform, different asset managers should have independent admin control over their vaults. Centralizing all vault admin under the factory admin creates a single point of failure and limits the protocol's utility.

Requirements

• Add an optional vault_admin: Address field to CreateVaultParams and BatchVaultParams
• In _create_single_rwa_vault: use vault_admin if provided, otherwise fall back to get_admin(e)
• For create_single_rwa_vault (simple variant), add an admin parameter or default to factory admin
• Similarly allow per-vault zkme_verifier and cooperator overrides (currently hardcoded to factory defaults)
• The factory admin should still be able to set vault status in the registry (this is factory-level, not vault-level)
• Emit the actual vault admin in the VaultCreated event

Key Files

• vault_factory/src/lib.rs — _create_single_rwa_vault (~L350), create_single_rwa_vault, create_single_rwa_vault_full
• vault_factory/src/types.rs — CreateVaultParams, BatchVaultParams

Definition of Done

• Vault admin is configurable per vault deployment
• Default falls back to factory admin when not specified
• Per-vault zkme_verifier and cooperator overrides supported
• Tests verify independent admin control on separately deployed vaults
• Existing simple creation function maintains backward compatibility

[Nanle-code]

@Nanle-code has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Let me work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Nanle-code to this issue.

[drips-wave]

Congratulations, @Nanle-code! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @Nanle-code: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊