RWA: compliance integration example#653
Draft
pasevin wants to merge 1 commit intoOpenZeppelin:mainfrom
Draft
Conversation
Transplant the reviewed compliance integration example together with the existing module and example crates it depends on so the PR stands alone.
Contributor
WalkthroughThis pull request introduces a comprehensive suite of RWA (Real World Assets) compliance modules for Stellar tokens, including country allowlisting/restricting, balance limits, supply caps, time-based transfer windows, transfer restrictions, and initial lockup periods. It adds trait definitions and storage layers in the packages directory alongside standalone example implementations and integration tests in the examples directory. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Token as RWA Token
participant Compliance as Compliance Registry
participant Module as Compliance Module<br/>(e.g., Country Allow)
participant IRS as Identity Registry
User->>Token: transfer(to, amount)
Token->>Compliance: get_modules_for_hook(CanTransfer)
Compliance-->>Token: [Module]
Token->>Module: can_transfer(from, to, amount, token)
Module->>IRS: stored_identity(to)
IRS-->>Module: country_data
Module->>Module: check country in allowlist
Module-->>Token: bool (allowed/denied)
Token-->>User: success/error
sequenceDiagram
participant Admin
participant Module as Compliance Module<br/>(e.g., Max Balance)
participant Storage as Module Storage
participant Compliance as Compliance Contract
Admin->>Module: set_max_balance(token, max=1000)
Module->>Compliance: require_auth()
Compliance-->>Module: authorized
Module->>Storage: persist max_balance for token
Storage-->>Module: done
Module->>Module: emit MaxBalanceSet event
Admin->>Module: batch_pre_set_module_state(token, [id1,id2], [500,600])
Module->>Storage: set identity balances
Storage-->>Module: done
Module->>Module: emit IDBalancePreSet events
Estimated Code Review Effort🎯 4 (Complex) | ⏱️ ~50 minutes Possibly Related PRs
Suggested Reviewers
Poem
🚥 Pre-merge checks | ✅ 3✅ Passed checks (3 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🧹 Nitpick comments (10)
examples/rwa-supply-limit/README.md (1)
58-58: Polish sentence flow in the “historical minting” note.Small readability tweak for the adverb placement.
✏️ Suggested wording update
-- If the module is attached after a token already has minted supply, seed the +- If the module is attached after a token has already minted supply, seed the🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-supply-limit/README.md` at line 58, Summary: Improve sentence flow in the "historical minting" note by moving the adverb for clearer English; change the fragment "If the module is attached after a token already has minted supply, seed the" to a smoother phrasing such as "If the module is attached after a token has already minted supply, seed the" (or "If the module is attached after a token already minted supply, seed the") so the adverb "already" follows "has" and the sentence reads naturally.packages/tokens/src/rwa/compliance/modules/max_balance/test.rs (1)
22-208: Extract the mock compliance/IRS harness before it drifts further.
MockIRSContract,MockComplianceContract, andarm_hooksare now copied across multiple module test files. Moving them into a sharedtest_supportmodule would make future trait or hook-surface changes land once instead of being patched in parallel.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/tokens/src/rwa/compliance/modules/max_balance/test.rs` around lines 22 - 208, Extract the duplicated test harness into a shared test_support module by moving the MockIRSContract, MockIRSStorageKey, MockComplianceContract, MockComplianceStorageKey, TestMaxBalanceContract trait impls, the helper methods set_identity and register_hook, and arm_hooks into a single library file (e.g., test_support.rs) and re-export them for tests; then update this test file to import those symbols instead of redefining them and delete the local copies to avoid drift. Ensure the shared module implements the same contract trait impls (TokenBinder, IdentityRegistryStorage, CountryDataManager, Compliance, and TokenBinder for MockComplianceContract) and exposes set_identity and register_hook so tests can set stored identities and register hooks the same way as before. Finally, run cargo test to verify the moved symbols (MockIRSContract, MockComplianceContract, MockIRSStorageKey, MockComplianceStorageKey, arm_hooks) are referenced correctly and adjust any visibility (pub(crate)/pub) if needed.examples/rwa-compliance/src/test.rs (1)
106-113: Keep the compliance handoff separate from hook registration.Line 108 hands control to Compliance before the module-specific
set_*calls in each test, so those calls only work becausesetup()globally mocks auths. Splitting this helper into “register hooks” and “handoff” steps would make the integration flow match the documented bootstrap-admin pattern and reduce false positives around auth/order regressions. Based on learnings,set_compliance_addressis the auth handoff point and pre-bind auth is intentionally enforced at the public entrypoints.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-compliance/src/test.rs` around lines 106 - 113, The helper wire_module mixes hook registration and the auth handoff (ComplianceModuleClient::set_compliance_address) which masks order/auth bugs; split it into two helpers such as register_module_hooks(ts, module_addr, hooks) that loops ts.compliance_client.add_module_to(hook, module_addr, &ts.admin) and handoff_compliance(ts, module_addr) that constructs ComplianceModuleClient::new(&ts.env, module_addr) and calls set_compliance_address(&ts.compliance); update tests to call register_module_hooks(...) first and then handoff_compliance(...) so pre-bind auth is enforced as in setup().packages/tokens/src/rwa/compliance/modules/supply_limit/test.rs (1)
104-211: Please run thepackages/tokenstest target in CI.These new module suites live outside
rwa-compliance-example, but the stated PR plan only exercises that example crate. Adding the relevantpackages/tokenstest command(s) would catch compile/macro regressions in these new unit-test files before merge.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@packages/tokens/src/rwa/compliance/modules/supply_limit/test.rs` around lines 104 - 211, CI is not running the new unit tests under the tokens package, so add a CI step to run the tokens package test target (e.g., run cargo test -p tokens or equivalent workspace-target invocation) so the tests like verify_hook_wiring_sets_cache_when_registered, hooks_update_internal_supply_and_cap_future_mints, and pre_set_internal_supply_seeds_existing_supply_for_cap_checks in the supply_limit test module are executed; modify the existing test job that only exercises the rwa-compliance-example to also invoke the tokens package tests (or add a separate job) to catch compile/macro regressions before merge.examples/rwa-compliance/src/identity_verifier.rs (1)
7-14: Unused import:VecThe
Vectype is imported but not used in this file.🔧 Proposed fix
use soroban_sdk::{ - contract, contractimpl, contracttype, panic_with_error, symbol_short, Address, Env, Symbol, Vec, + contract, contractimpl, contracttype, panic_with_error, symbol_short, Address, Env, Symbol, };🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-compliance/src/identity_verifier.rs` around lines 7 - 14, Remove the unused Vec import from the soroban_sdk use list to fix the dead import; edit the use declaration that currently includes Vec (use soroban_sdk::{..., Vec,};) and delete only Vec so the module imports (e.g., Address, Env, Symbol) remain unchanged.examples/rwa-time-transfers-limits/src/lib.rs (1)
3-20: Unused import:StringThe
Stringtype is imported but not used in this contract.🔧 Proposed fix
-use soroban_sdk::{ - contract, contractimpl, contracttype, panic_with_error, vec, Address, Env, String, Vec, -}; +use soroban_sdk::{ + contract, contractimpl, contracttype, panic_with_error, vec, Address, Env, Vec, +};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-time-transfers-limits/src/lib.rs` around lines 3 - 20, The import list at the top unnecessarily includes the unused symbol String from soroban_sdk; remove String from the use declaration (the line importing contract, contractimpl, contracttype, panic_with_error, vec, Address, Env, String, Vec) so only actually used symbols remain (e.g., keep Address, Env, Vec, vec, contract, contractimpl, contracttype, panic_with_error).examples/rwa-supply-limit/src/lib.rs (1)
3-18: Unused import:StringThe
Stringtype is imported but not used in this contract.🔧 Proposed fix
-use soroban_sdk::{contract, contractimpl, contracttype, vec, Address, Env, String, Vec}; +use soroban_sdk::{contract, contractimpl, contracttype, vec, Address, Env, Vec};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-supply-limit/src/lib.rs` around lines 3 - 18, The import list includes an unused type `String` from soroban_sdk (see the use statement that currently contains "String"); remove `String` from the use declaration so the line becomes something like the existing import list without `String` to eliminate the unused import warning and keep only needed symbols like Address, Env, Vec, contract, contractimpl, contracttype, and vec.examples/rwa-initial-lockup-period/src/lib.rs (1)
3-19: Unused import:StringThe
Stringtype is imported but not used in this contract.🔧 Proposed fix
-use soroban_sdk::{contract, contractimpl, contracttype, vec, Address, Env, String, Vec}; +use soroban_sdk::{contract, contractimpl, contracttype, vec, Address, Env, Vec};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-initial-lockup-period/src/lib.rs` around lines 3 - 19, The import list in the top-level use from soroban_sdk includes an unused symbol `String`; remove `String` from the import list (the use that currently reads soroban_sdk::{contract, contractimpl, contracttype, vec, Address, Env, String, Vec}) so only actually used types/macros remain (contract, contractimpl, contracttype, vec, Address, Env, Vec), ensuring no other references to `String` exist in this module (if any, replace with the appropriate type).examples/rwa-country-allow/src/lib.rs (1)
3-10: Unused import:StringThe
Stringtype is imported but not used in this contract.🔧 Proposed fix
-use soroban_sdk::{contract, contractimpl, contracttype, Address, Env, String, Vec}; +use soroban_sdk::{contract, contractimpl, contracttype, Address, Env, Vec};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-country-allow/src/lib.rs` around lines 3 - 10, The import list includes an unused type `String` from soroban_sdk; remove `String` from the use statement that currently reads soroban_sdk::{contract, contractimpl, contracttype, Address, Env, String, Vec} so the module only imports types actually used (e.g., contract, contractimpl, contracttype, Address, Env, Vec), ensuring no unused-import warnings; update the use line where `String` appears to eliminate the unused symbol.examples/rwa-country-restrict/src/lib.rs (1)
3-10: Unused import:StringThe
Stringtype is imported but not used in this contract.🔧 Proposed fix
-use soroban_sdk::{contract, contractimpl, contracttype, Address, Env, String, Vec}; +use soroban_sdk::{contract, contractimpl, contracttype, Address, Env, Vec};🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@examples/rwa-country-restrict/src/lib.rs` around lines 3 - 10, Remove the unused String import from the soroban_sdk use statement; edit the import line that currently reads use soroban_sdk::{contract, contractimpl, contracttype, Address, Env, String, Vec}; and drop String so only the actually used symbols (contract, contractimpl, contracttype, Address, Env, Vec) remain, ensuring no other references to String exist in the module (e.g., in functions or types like CountryRestrict/CountryRestricted/CountryUnrestricted).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@packages/tokens/src/rwa/compliance/modules/time_transfers_limits/mod.rs`:
- Around line 76-87: In can_transfer, avoid resolving the IRS client and
identity when there are no limits by checking limits.is_empty() immediately
after let limits = get_limits(e, &token) and returning true (or false per logic)
as appropriate; move the get_irs_client(e, &token) and
irs.stored_identity(&from) calls to after that emptiness check. Apply the same
short-circuit change to the Transferred handler (the function handling the
Transferred hook) around lines 217-222 so it also checks limits.is_empty()
before calling get_irs_client or resolving identities.
- Around line 213-223: The on_transfer handler mutates counters even if the
module's hooks aren't fully wired; add the same armed-state guard used in
can_transfer by returning early unless hooks_verified(e) is true so history
doesn't accrue before verify_hook_wiring runs—i.e., at the top of on_transfer
(and the analogous handler around lines 236-238) check hooks_verified(e) and
exit before calling get_compliance_address().require_auth(),
require_non_negative_amount(), get_irs_client(), increasing counters, or
invoking increase_counters; keep the existing auth and validation calls but only
execute them after the hooks_verified(e) guard.
---
Nitpick comments:
In `@examples/rwa-compliance/src/identity_verifier.rs`:
- Around line 7-14: Remove the unused Vec import from the soroban_sdk use list
to fix the dead import; edit the use declaration that currently includes Vec
(use soroban_sdk::{..., Vec,};) and delete only Vec so the module imports (e.g.,
Address, Env, Symbol) remain unchanged.
In `@examples/rwa-compliance/src/test.rs`:
- Around line 106-113: The helper wire_module mixes hook registration and the
auth handoff (ComplianceModuleClient::set_compliance_address) which masks
order/auth bugs; split it into two helpers such as register_module_hooks(ts,
module_addr, hooks) that loops ts.compliance_client.add_module_to(hook,
module_addr, &ts.admin) and handoff_compliance(ts, module_addr) that constructs
ComplianceModuleClient::new(&ts.env, module_addr) and calls
set_compliance_address(&ts.compliance); update tests to call
register_module_hooks(...) first and then handoff_compliance(...) so pre-bind
auth is enforced as in setup().
In `@examples/rwa-country-allow/src/lib.rs`:
- Around line 3-10: The import list includes an unused type `String` from
soroban_sdk; remove `String` from the use statement that currently reads
soroban_sdk::{contract, contractimpl, contracttype, Address, Env, String, Vec}
so the module only imports types actually used (e.g., contract, contractimpl,
contracttype, Address, Env, Vec), ensuring no unused-import warnings; update the
use line where `String` appears to eliminate the unused symbol.
In `@examples/rwa-country-restrict/src/lib.rs`:
- Around line 3-10: Remove the unused String import from the soroban_sdk use
statement; edit the import line that currently reads use soroban_sdk::{contract,
contractimpl, contracttype, Address, Env, String, Vec}; and drop String so only
the actually used symbols (contract, contractimpl, contracttype, Address, Env,
Vec) remain, ensuring no other references to String exist in the module (e.g.,
in functions or types like
CountryRestrict/CountryRestricted/CountryUnrestricted).
In `@examples/rwa-initial-lockup-period/src/lib.rs`:
- Around line 3-19: The import list in the top-level use from soroban_sdk
includes an unused symbol `String`; remove `String` from the import list (the
use that currently reads soroban_sdk::{contract, contractimpl, contracttype,
vec, Address, Env, String, Vec}) so only actually used types/macros remain
(contract, contractimpl, contracttype, vec, Address, Env, Vec), ensuring no
other references to `String` exist in this module (if any, replace with the
appropriate type).
In `@examples/rwa-supply-limit/README.md`:
- Line 58: Summary: Improve sentence flow in the "historical minting" note by
moving the adverb for clearer English; change the fragment "If the module is
attached after a token already has minted supply, seed the" to a smoother
phrasing such as "If the module is attached after a token has already minted
supply, seed the" (or "If the module is attached after a token already minted
supply, seed the") so the adverb "already" follows "has" and the sentence reads
naturally.
In `@examples/rwa-supply-limit/src/lib.rs`:
- Around line 3-18: The import list includes an unused type `String` from
soroban_sdk (see the use statement that currently contains "String"); remove
`String` from the use declaration so the line becomes something like the
existing import list without `String` to eliminate the unused import warning and
keep only needed symbols like Address, Env, Vec, contract, contractimpl,
contracttype, and vec.
In `@examples/rwa-time-transfers-limits/src/lib.rs`:
- Around line 3-20: The import list at the top unnecessarily includes the unused
symbol String from soroban_sdk; remove String from the use declaration (the line
importing contract, contractimpl, contracttype, panic_with_error, vec, Address,
Env, String, Vec) so only actually used symbols remain (e.g., keep Address, Env,
Vec, vec, contract, contractimpl, contracttype, panic_with_error).
In `@packages/tokens/src/rwa/compliance/modules/max_balance/test.rs`:
- Around line 22-208: Extract the duplicated test harness into a shared
test_support module by moving the MockIRSContract, MockIRSStorageKey,
MockComplianceContract, MockComplianceStorageKey, TestMaxBalanceContract trait
impls, the helper methods set_identity and register_hook, and arm_hooks into a
single library file (e.g., test_support.rs) and re-export them for tests; then
update this test file to import those symbols instead of redefining them and
delete the local copies to avoid drift. Ensure the shared module implements the
same contract trait impls (TokenBinder, IdentityRegistryStorage,
CountryDataManager, Compliance, and TokenBinder for MockComplianceContract) and
exposes set_identity and register_hook so tests can set stored identities and
register hooks the same way as before. Finally, run cargo test to verify the
moved symbols (MockIRSContract, MockComplianceContract, MockIRSStorageKey,
MockComplianceStorageKey, arm_hooks) are referenced correctly and adjust any
visibility (pub(crate)/pub) if needed.
In `@packages/tokens/src/rwa/compliance/modules/supply_limit/test.rs`:
- Around line 104-211: CI is not running the new unit tests under the tokens
package, so add a CI step to run the tokens package test target (e.g., run cargo
test -p tokens or equivalent workspace-target invocation) so the tests like
verify_hook_wiring_sets_cache_when_registered,
hooks_update_internal_supply_and_cap_future_mints, and
pre_set_internal_supply_seeds_existing_supply_for_cap_checks in the supply_limit
test module are executed; modify the existing test job that only exercises the
rwa-compliance-example to also invoke the tokens package tests (or add a
separate job) to catch compile/macro regressions before merge.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: b4cbb9be-e50e-4085-a561-2f58c348bbd9
⛔ Files ignored due to path filters (1)
Cargo.lockis excluded by!**/*.lock
📒 Files selected for processing (49)
Cargo.tomlexamples/rwa-compliance/Cargo.tomlexamples/rwa-compliance/src/compliance.rsexamples/rwa-compliance/src/identity_registry.rsexamples/rwa-compliance/src/identity_verifier.rsexamples/rwa-compliance/src/lib.rsexamples/rwa-compliance/src/test.rsexamples/rwa-compliance/src/token.rsexamples/rwa-country-allow/Cargo.tomlexamples/rwa-country-allow/README.mdexamples/rwa-country-allow/src/lib.rsexamples/rwa-country-restrict/Cargo.tomlexamples/rwa-country-restrict/README.mdexamples/rwa-country-restrict/src/lib.rsexamples/rwa-initial-lockup-period/Cargo.tomlexamples/rwa-initial-lockup-period/README.mdexamples/rwa-initial-lockup-period/src/lib.rsexamples/rwa-max-balance/Cargo.tomlexamples/rwa-max-balance/README.mdexamples/rwa-max-balance/src/lib.rsexamples/rwa-supply-limit/Cargo.tomlexamples/rwa-supply-limit/README.mdexamples/rwa-supply-limit/src/lib.rsexamples/rwa-time-transfers-limits/Cargo.tomlexamples/rwa-time-transfers-limits/README.mdexamples/rwa-time-transfers-limits/src/lib.rsexamples/rwa-transfer-restrict/Cargo.tomlexamples/rwa-transfer-restrict/README.mdexamples/rwa-transfer-restrict/src/lib.rspackages/tokens/src/rwa/compliance/modules/country_allow/mod.rspackages/tokens/src/rwa/compliance/modules/country_allow/storage.rspackages/tokens/src/rwa/compliance/modules/country_restrict/mod.rspackages/tokens/src/rwa/compliance/modules/country_restrict/storage.rspackages/tokens/src/rwa/compliance/modules/initial_lockup_period/mod.rspackages/tokens/src/rwa/compliance/modules/initial_lockup_period/storage.rspackages/tokens/src/rwa/compliance/modules/initial_lockup_period/test.rspackages/tokens/src/rwa/compliance/modules/max_balance/mod.rspackages/tokens/src/rwa/compliance/modules/max_balance/storage.rspackages/tokens/src/rwa/compliance/modules/max_balance/test.rspackages/tokens/src/rwa/compliance/modules/mod.rspackages/tokens/src/rwa/compliance/modules/supply_limit/mod.rspackages/tokens/src/rwa/compliance/modules/supply_limit/storage.rspackages/tokens/src/rwa/compliance/modules/supply_limit/test.rspackages/tokens/src/rwa/compliance/modules/time_transfers_limits/mod.rspackages/tokens/src/rwa/compliance/modules/time_transfers_limits/storage.rspackages/tokens/src/rwa/compliance/modules/time_transfers_limits/test.rspackages/tokens/src/rwa/compliance/modules/transfer_restrict/mod.rspackages/tokens/src/rwa/compliance/modules/transfer_restrict/storage.rspackages/tokens/src/rwa/compliance/modules/transfer_restrict/test.rs
Comment on lines
+76
to
+87
| fn can_transfer(e: &Env, from: Address, _to: Address, amount: i128, token: Address) -> bool { | ||
| assert!( | ||
| hooks_verified(e), | ||
| "TimeTransfersLimitsModule: not armed — call verify_hook_wiring() after wiring hooks \ | ||
| [CanTransfer, Transferred]" | ||
| ); | ||
| if amount < 0 { | ||
| return false; | ||
| } | ||
| let irs = get_irs_client(e, &token); | ||
| let from_id = irs.stored_identity(&from); | ||
| let limits = get_limits(e, &token); |
Contributor
There was a problem hiding this comment.
Skip IRS resolution when no limits are configured.
get_limits defaults to an empty Vec, so the empty/default state is reachable. Both transfer paths resolve IRS/identity before checking whether there is anything to enforce, which means removing the last limit still leaves this module coupled to IRS state and paying for an unnecessary cross-contract lookup on every transfer. Please short-circuit on limits.is_empty() before touching IRS here.
Also applies to: 217-222
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/tokens/src/rwa/compliance/modules/time_transfers_limits/mod.rs`
around lines 76 - 87, In can_transfer, avoid resolving the IRS client and
identity when there are no limits by checking limits.is_empty() immediately
after let limits = get_limits(e, &token) and returning true (or false per logic)
as appropriate; move the get_irs_client(e, &token) and
irs.stored_identity(&from) calls to after that emptiness check. Apply the same
short-circuit change to the Transferred handler (the function handling the
Transferred hook) around lines 217-222 so it also checks limits.is_empty()
before calling get_irs_client or resolving identities.
Comment on lines
+213
to
+223
| fn verify_hook_wiring(e: &Env) { | ||
| verify_required_hooks(e, Self::required_hooks(e)); | ||
| } | ||
|
|
||
| fn on_transfer(e: &Env, from: Address, _to: Address, amount: i128, token: Address) { | ||
| get_compliance_address(e).require_auth(); | ||
| require_non_negative_amount(e, amount); | ||
| let irs = get_irs_client(e, &token); | ||
| let from_id = irs.stored_identity(&from); | ||
| increase_counters(e, &token, &from_id, amount); | ||
| } |
Contributor
There was a problem hiding this comment.
Gate on_transfer on the same armed-state check as can_transfer.
required_hooks() says this module needs both CanTransfer and Transferred, but on_transfer will still mutate counters before verify_hook_wiring() has armed the module. If only Transferred is wired, history starts accruing and later gets enforced retroactively once CanTransfer is added. Mirror the hooks_verified(e) guard here so the module stays fail-closed until wiring is verified.
Proposed fix
fn on_transfer(e: &Env, from: Address, _to: Address, amount: i128, token: Address) {
get_compliance_address(e).require_auth();
+ assert!(
+ hooks_verified(e),
+ "TimeTransfersLimitsModule: not armed — call verify_hook_wiring() after wiring hooks \
+ [CanTransfer, Transferred]"
+ );
require_non_negative_amount(e, amount);
let irs = get_irs_client(e, &token);
let from_id = irs.stored_identity(&from);
increase_counters(e, &token, &from_id, amount);
}Also applies to: 236-238
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@packages/tokens/src/rwa/compliance/modules/time_transfers_limits/mod.rs`
around lines 213 - 223, The on_transfer handler mutates counters even if the
module's hooks aren't fully wired; add the same armed-state guard used in
can_transfer by returning early unless hooks_verified(e) is true so history
doesn't accrue before verify_hook_wiring runs—i.e., at the top of on_transfer
(and the analogous handler around lines 236-238) check hooks_verified(e) and
exit before calling get_compliance_address().require_auth(),
require_non_negative_amount(), get_irs_client(), increasing counters, or
invoking increase_counters; keep the existing auth and validation calls but only
execute them after the hooks_verified(e) guard.
Contributor
Author
|
Marking this draft for now. This PR is intentionally self-contained against current |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a full-stack RWA compliance example with integration tests covering all seven compliance modules together.
Changes
examples/rwa-compliance/: adds a full-stack example composed of compliance, identity registry, verifier, and token contracts.Test plan
cargo +nightly fmt --all -- --checkcargo test -p rwa-compliance-example --lib