Skip to content

feat: Complete Allowlist implementation for beta staker consolidation #3833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: allowlist
Choose a base branch
from
Open

feat: Complete Allowlist implementation for beta staker consolidation #3833

wants to merge 2 commits into from
+1,101 −1

Conversation

piotr-roslaniec
Copy link

Fixes PR #3826 by implementing missing components for Allowlist contract:

  • Add a test suite
  • Create deployment script with upgradeable proxy pattern
  • Add migration script to initialize existing beta staker weights

@piotr-roslaniec
feat: Implement Allowlist contract for operator management
8281c38 
- Add Allowlist contract to replace TokenStaking per TIP-092/TIP-100
- Implement weight-based operator management without token staking
- Add deployment and initialization scripts
- Include consolidation script for operator reduction (20→4 operators)
  - Includes NUCO operators (1 kept, 1 consolidated)
- Add comprehensive test coverage
- Maintain compatibility with existing WalletRegistry interface
@piotr-roslaniec piotr-roslaniec marked this pull request as ready for review August 29, 2025 06:27
@piotr-roslaniec piotr-roslaniec requested review from lrsaturnino and pdyraga and removed request for lrsaturnino and pdyraga August 29, 2025 06:27
@piotr-roslaniec piotr-roslaniec dismissed stale reviews from kathleenmotley49-maker and kathleenmotley49-maker September 2, 2025 14:09

Dismissing fraudulent review from compromised account (Incident: THRESH-SEC-2025-001)

@piotr-roslaniec
fix: Address audit findings for Allowlist contract
4ad1404 
- Add two-step process enforcement for weight decrease (Issue #1)
  - Introduce decreasePending flag to track valid decrease requests
  - Prevent bypassing the intended authorization flow

- Add zero address validation (Issue #3)
  - Validate walletRegistry in initialize()
  - Validate stakingProvider in addStakingProvider()

- Add zero weight validation (Issue #5)
  - Prevent adding staking providers with zero weight
  - Avoid potential duplicate additions

- Add comprehensive test coverage for all security fixes

Note: Issue #8 (seize function access) intentionally not restricted
as public reporting of malicious behavior is desired functionality
lrsaturnino
lrsaturnino approved these changes Sep 24, 2025
View reviewed changes
Copy link
Member

@lrsaturnino lrsaturnino left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrsaturnino lrsaturnino lrsaturnino approved these changes

@pdyraga pdyraga Awaiting requested review from pdyraga

+1 more reviewer

@kathleenmotley49-maker kathleenmotley49-maker kathleenmotley49-maker approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@piotr-roslaniec @lrsaturnino @kathleenmotley49-maker