
@piotr-roslaniec
Collaborator

Fixes PR #3826 by implementing missing components for Allowlist contract:

  • Add a test suite
  • Create deployment script with upgradeable proxy pattern
  • Add migration script to initialize existing beta staker weights

- Add Allowlist contract to replace TokenStaking per TIP-092/TIP-100
- Implement weight-based operator management without token staking
- Add deployment and initialization scripts
- Include consolidation script for operator reduction (20→4 operators)
  - Includes NUCO operators (1 kept, 1 consolidated)
- Add comprehensive test coverage
- Maintain compatibility with existing WalletRegistry interface
@piotr-roslaniec piotr-roslaniec marked this pull request as ready for review August 29, 2025 06:27
@piotr-roslaniec piotr-roslaniec requested review from lrsaturnino and pdyraga and removed request for lrsaturnino and pdyraga August 29, 2025 06:27
@piotr-roslaniec piotr-roslaniec dismissed stale reviews from ghost September 2, 2025 14:09

Dismissing fraudulent review from compromised account (Incident: THRESH-SEC-2025-001)

- Add two-step process enforcement for weight decrease (Issue #1)
  - Introduce decreasePending flag to track valid decrease requests
  - Prevent bypassing the intended authorization flow

- Add zero address validation (Issue #3)
  - Validate walletRegistry in initialize()
  - Validate stakingProvider in addStakingProvider()

- Add zero weight validation (Issue #5)
  - Prevent adding staking providers with zero weight
  - Avoid potential duplicate additions

- Add comprehensive test coverage for all security fixes

Note: Issue #8 (seize function access) intentionally not restricted
as public reporting of malicious behavior is desired functionality
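
The three checks listed in the commit message above, as an added sketch that is not part of this pull request or the project's Allowlist contract. Only `initialize`, `addStakingProvider`, `walletRegistry`, `stakingProvider` and `decreasePending` come from the page; every other name, the owner model and the revert strings are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added sketch with hypothetical names; not the contract under review.
contract AllowlistSketch {
    struct Provider { uint96 weight; uint96 pendingWeight; bool decreasePending; }

    address public owner;
    address public walletRegistry;
    mapping(address => Provider) public providers;

    modifier onlyOwner() {
        require(msg.sender == owner, "Caller is not the owner");
        _;
    }

    // Called once at deployment. A zero registry would leave step 2
    // uncallable and would also let initialize() run a second time.
    function initialize(address _walletRegistry) external {
        require(walletRegistry == address(0), "Already initialized");
        require(_walletRegistry != address(0), "Zero walletRegistry");
        owner = msg.sender;
        walletRegistry = _walletRegistry;
    }

    function addStakingProvider(address stakingProvider, uint96 weight) external onlyOwner {
        require(stakingProvider != address(0), "Zero stakingProvider");
        // weight == 0 marks "not listed" here, so a zero-weight add would
        // slip past the duplicate check on every later call.
        require(weight > 0, "Zero weight");
        require(providers[stakingProvider].weight == 0, "Already added");
        providers[stakingProvider].weight = weight;
    }

    // Step 1: the owner records the requested lower weight.
    function requestWeightDecrease(address stakingProvider, uint96 newWeight) external onlyOwner {
        Provider storage p = providers[stakingProvider];
        require(newWeight < p.weight, "Not a decrease");
        p.pendingWeight = newWeight;
        p.decreasePending = true;
    }

    // Step 2: the registry applies it. pendingWeight defaults to 0, so without
    // the flag this call would zero a provider that had no request recorded.
    function approveWeightDecrease(address stakingProvider) external {
        require(msg.sender == walletRegistry, "Caller is not walletRegistry");
        Provider storage p = providers[stakingProvider];
        require(p.decreasePending, "No pending decrease");
        p.weight = p.pendingWeight;
        p.decreasePending = false;
    }
}
```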
Member

@lrsaturnino lrsaturnino left a comment

LGTM

@piotr-roslaniec piotr-roslaniec merged commit 822b097 into allowlist Oct 9, 2025
13 of 15 checks passed
@piotr-roslaniec piotr-roslaniec deleted the feat/allowlist branch October 9, 2025 13:15