Audit/stellar wraith names #40

Open: sudo-robi wants to merge 3 commits into wraith-protocol:develop from sudo-robi:audit/stellar-wraith-names

@sudo-robi

closes #4

sudo-robi added 2 commits May 28, 2026 09:43
…suite

- Add comprehensive audit report covering safety, correctness, and
  cross-chain divergence analysis (1 Medium, 2 Low findings)
- Add 30 adversarial tests covering ownership, validation, release
  flows, reverse lookup integrity, and on-behalf authorization
- Document mainnet readiness assessment with go/no-go recommendation
Copilot AI review requested due to automatic review settings May 31, 2026 19:29

Copilot AI left a comment

Copilot wasn't able to review this pull request because it exceeds the maximum number of lines (20,000). Try reducing the number of changed lines and requesting a review from Copilot again.

@drips-wave

drips-wave Bot commented May 31, 2026

@sudo-robi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

truthixify changed the base branch from main to develop June 1, 2026 15:15
@truthixify
Contributor

The audit work itself looks good. The Medium finding on update_internal publishing a register symbol (so indexers can't distinguish updates from new registrations) is a real catch and the recommendation is concrete. Audit doc is at the right path (audits/2026-05-author.md) matching #34's pattern, and the proptest snapshots are correct to commit for CI determinism.

Blocker is the same as your #30: this PR was opened against an older main and now conflicts hard with develop. The diff currently shows it removing or rewriting:

  • EVENT_TOPIC_DESIGN.md, ANNOUNCEMENT_SCHEMA.md, POSTMORTEMS.md, MAINNET_READINESS.md
  • scripts/rescue-stealth-funds.ts and friends
  • The announcer + sender audit reports
  • The tests/properties.rs proptest harnesses
  • The stellar-nightly CI job

Please rebase onto develop:

git fetch origin
git rebase origin/develop
git push --force-with-lease

Keep all the existing files listed above. Your audit doc and tests/audit.rs go in alongside them. Snapshots under stellar/wraith-names/test_snapshots/ are fine to keep as new files.

Once rebased I will re-review and merge. Thanks @sudo-robi.

Development

Successfully merging this pull request may close these issues.

Comprehensive security audit of wraith-names Soroban contract
