fix: harden governance role topology #451

Draft: carrion256 wants to merge 4 commits into audit/governance-control-plane from audit/governance-role-topology-a044-a047-a063-a084
@carrion256 carrion256 commented May 19, 2026

Collaborator

Fixed Findings

  • A-044 / Nexus b92e3503-968f-4ec9-ac68-902ebfb2a0cc / #FIND-044
    • Commit 61fb75ea2b12141e0ae2e6906d839025f890532f
    • Runtime initialization and governance config now reject nonsensical address topology: governance must be a real Wasm governance contract, token addresses must be SAC-backed, and role/config addresses reject SAC/topology-invalid values while preserving account and Wasm contract-auth role holders.
  • A-047 / Nexus d1113e95-8904-4664-9c92-dfa2cfd0fb65 / #FIND-047
    • Commit 5cfbcffc8aa995022eb0d7ae2a82adc71a423ca7
    • SetGovernance rejects invalid governance targets such as the vault itself or non-governance/arbitrary contracts.
  • A-063 / Nexus 5dbac2a6-dce1-4e59-af8d-128f8929ae73 / #FIND-063
    • Commit 3c1b5f9ddbd7ada1ef4478e1ead5b2f8435493d8
    • Governance constructor rejects self-referential/colliding admin/vault/governance role topology.
  • A-084 / Nexus 9e4e4f3c-9f48-44a1-92df-8d8300a69605 / #FIND-084
    • Commit 0a0e7b0fb45e62ddcb2b68a5eda4b3cd262d543d
    • Share-token authority is bound to the vault topology; admin cannot silently rebind the vault authority after initialization.

Verification

Passed:

RUSTUP_TOOLCHAIN=1.89.0 cargo test -p templar-soroban-runtime --lib -- --nocapture
RUSTUP_TOOLCHAIN=1.89.0 cargo test -p templar-soroban-runtime --test integration_tests -- --skip soroban_contract_resync_idle_balance_fixes_donation_accounting --nocapture
RUSTUP_TOOLCHAIN=1.89.0 cargo test -p templar-soroban-governance -- --nocapture
RUSTUP_TOOLCHAIN=1.89.0 cargo test -p templar-soroban-share-token -- --nocapture
RUSTUP_TOOLCHAIN=1.89.0 cargo fmt --all --check
git diff --check
just -f contract/vault/soroban/justfile build
just -f contract/vault/soroban/justfile size-budget-check

Size gate:

  • Runtime deploy WASM: 96918 bytes / 94.65 KiB <= 131072 bytes / 128.00 KiB
  • Runtime optimized input: 98316 bytes / 96.01 KiB

Known base failure, reproduced on origin/audit/governance-control-plane before this PR and excluded from the branch-specific integration sweep:

RUSTUP_TOOLCHAIN=1.89.0 cargo test -p templar-soroban-runtime --test integration_tests soroban_contract_resync_idle_balance_fixes_donation_accounting -- --nocapture

Stack

Base: PR #427 / branch audit/governance-control-plane.
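
The topology rules listed under Fixed Findings, modeled in plain Rust as an added example that is not part of the PR or the project's code. `Kind`, `Addr`, `Topology`, the error names and the sample values are assumptions made for illustration; the project's Soroban contracts are not shown on this page.

```rust
// Added illustration: a plain-Rust model, not the project's Soroban code.
// Kind, Addr, Topology and the error names are assumptions for this example.
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Kind { Account, Wasm, GovernanceWasm, Sac }
#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub struct Addr { pub id: u32, pub kind: Kind }
#[derive(Debug, PartialEq, Eq)]
pub enum TopologyError { GovernanceIsVault, NotGovernanceContract, TokenNotSac, RoleHolderIsSac, RoleCollision }
#[derive(Clone, Copy, Debug)]
pub struct Topology { pub vault: Addr, pub governance: Addr, pub admin: Addr, pub token: Addr }

pub fn validate(t: &Topology) -> Result<(), TopologyError> {
    use TopologyError::*;
    // The governance target may never be the vault itself.
    if t.governance.id == t.vault.id { return Err(GovernanceIsVault); }
    // Governance must be a Wasm governance contract, not an account, SAC or arbitrary contract.
    if t.governance.kind != Kind::GovernanceWasm { return Err(NotGovernanceContract); }
    // Token addresses must be SAC-backed.
    if t.token.kind != Kind::Sac { return Err(TokenNotSac); }
    // Role holders may be accounts or Wasm contracts, never a SAC.
    if t.admin.kind == Kind::Sac { return Err(RoleHolderIsSac); }
    // Admin, vault and governance must be pairwise distinct.
    if t.admin.id == t.vault.id || t.admin.id == t.governance.id { return Err(RoleCollision); }
    Ok(())
}

/// Re-validates the whole topology before committing a new governance address,
/// so a rejected update leaves the stored topology untouched.
pub fn set_governance(t: &mut Topology, new_gov: Addr) -> Result<(), TopologyError> {
    let candidate = Topology { governance: new_gov, ..*t };
    validate(&candidate)?;
    *t = candidate;
    Ok(())
}

// Constructed sample values: a valid starting topology.
pub fn sample() -> Topology {
    Topology {
        vault: Addr { id: 1, kind: Kind::Wasm },
        governance: Addr { id: 2, kind: Kind::GovernanceWasm },
        admin: Addr { id: 3, kind: Kind::Account },
        token: Addr { id: 4, kind: Kind::Sac },
    }
}

fn main() {
    let mut t = sample();
    let vault = t.vault;
    println!("{:?} {:?}", validate(&t), set_governance(&mut t, vault));
}
```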




coderabbitai Bot commented May 19, 2026

Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.


@carrion256 carrion256 force-pushed the audit/governance-role-topology-a044-a047-a063-a084 branch from 0a0e7b0 to 4ba73c6 Compare May 20, 2026 09:16