Skip to content

fix: require governance group market id#441

Draft
carrion256 wants to merge 1 commit into
spr/refactor/vault-ergonomics/4f330057from
audit/governance-abi-validation-a062
Draft

fix: require governance group market id#441
carrion256 wants to merge 1 commit into
spr/refactor/vault-ergonomics/4f330057from
audit/governance-abi-validation-a062

Conversation

@carrion256

@carrion256 carrion256 commented May 18, 2026
edited by peer2f00l
Loading

Copy link
Copy Markdown
Collaborator

Fixed Findings

  • A-062 / Nexus e019c107-ebbe-4cbd-8446-06739d060ac0

Summary

  • Require market_id for SetGovernancePolicy group-membership commands (mode == 2).
  • Preserve existing group absolute-cap and relative-cap behavior, which does not use market_id.
  • Add a regression proving omitted market_id now returns ContractError::InvalidInput and does not silently update market 0.

RED Evidence

Before the fix, the focused regression failed because a group-membership payload with market_id: None returned Ok(()):

cargo test -p templar-soroban-runtime test_execute_governance_group_membership_requires_market_id -- --nocapture
left: Ok(())
right: Err(InvalidInput)

Verification

  • cargo test -p templar-soroban-runtime test_execute_governance_group_membership_requires_market_id -- --nocapture
  • cargo test -p templar-soroban-runtime --lib -- --nocapture (104 passed)
  • cargo fmt --check
  • git diff --check
  • cargo test -p templar-soroban-runtime -- --nocapture
  • just -f contract/vault/soroban/justfile build
  • just -f contract/vault/soroban/justfile size-budget-check (93946 <= 131072 bytes)

Stack / Base

  • Base: PR 417 branch spr/refactor/vault-ergonomics/4f330057
  • Branch: audit/governance-abi-validation-a062

This change is Reviewable

@coderabbitai

coderabbitai Bot commented May 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: b7e7dda7-9e56-4b66-b396-6c183c939b57

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch audit/governance-abi-validation-a062

Comment @coderabbitai help to get the list of available commands and usage tips.

@carrion256 carrion256 mentioned this pull request May 18, 2026
Closed
@carrion256 carrion256 force-pushed the audit/governance-abi-validation-a062 branch from 4fab9e0 to 366419d Compare May 18, 2026 14:43
@carrion256

carrion256 commented May 18, 2026

Copy link
Copy Markdown
Collaborator Author

@coderabbitai review

@coderabbitai

coderabbitai Bot commented May 18, 2026

Copy link
Copy Markdown
Contributor
✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

@carrion256 carrion256 force-pushed the audit/governance-abi-validation-a062 branch from 366419d to 08e51c6 Compare May 19, 2026 08:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@carrion256