test(security): enforce dispute state authorization for arbiter actions#152
Merged
shakurJJ merged 2 commits intoJun 26, 2026
Merged
Conversation
- Adds test_arbiter_security.rs with 10 comprehensive security tests - Verifies arbiter cannot call resolve_dispute on non-Disputed milestones - Tests all 5 non-Disputed MilestoneStatus states: Pending, ProofSubmitted, Confirmed, ConfirmedHeld, Resolved - Verifies arbiter cannot call confirm_milestone (buyer-only operation) - Verifies arbiter cannot call cancel_shipment (buyer-only operation) - Validates only arbiter can resolve after buyer raises dispute - Tests arbiter cannot bypass dispute process for unilateral fund redirection - All tests verify proper authorization checks prevent unauthorized access - Security coverage prevents fund theft and unauthorized state transitions
|
@Ajadu-Saviour Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
This PR strengthens the contract's authorization guarantees by adding security-focused tests that verify arbiters cannot resolve disputes unless a milestone has explicitly entered the
Disputedstate.The new test suite validates that dispute resolution is only possible after a buyer-initiated dispute has been raised, preventing unauthorized fund redirection and preserving the intended dispute lifecycle. It also confirms that arbiters cannot invoke other restricted operations such as milestone confirmation or shipment cancellation.
Motivation
The dispute workflow assumes that an arbiter may only intervene after a dispute has been formally opened by the buyer. Without explicit regression tests, future changes could unintentionally allow arbiters to bypass this workflow and resolve milestones that were never disputed.
This PR adds comprehensive authorization tests to ensure the contract consistently enforces these security boundaries.
Changes
Dispute Resolution Authorization
Added tests to verify that
resolve_disputerejects calls when the milestone is not in theDisputedstate.Covered milestone states include:
PendingProofSubmittedConfirmedResolvedEach scenario asserts that the contract panics with the expected
NoDisputeOpen(or equivalent) error.Arbiter Permission Validation
Added authorization tests confirming that an arbiter cannot invoke operations reserved for other participants.
Verified restricted operations:
confirm_milestonecancel_shipmentEach test asserts that unauthorized calls fail with the expected authorization error.
Security Regression Coverage
Expanded the security test suite to validate:
These tests help ensure future refactoring cannot weaken the contract's access control or dispute workflow.
Testing
Added comprehensive coverage for:
Dispute Resolution
resolve_disputebefore any dispute is openedPendingProofSubmittedConfirmedResolvedAuthorization
confirm_milestonecancel_shipmentRegression Protection
Security Impact
This PR reinforces the contract's dispute model by ensuring:
These tests provide long-term protection against changes that could compromise authorization or state transition rules.
Acceptance Criteria
resolve_disputepanics when called on a non-Disputedmilestoneconfirm_milestonepanic withUnauthorizedcancel_shipmentpanic withUnauthorizedMilestoneStatusvariantsResult
The contract now includes comprehensive security regression tests that enforce the intended dispute workflow, ensuring arbiters may only resolve disputes after a buyer-initiated dispute exists and preventing unauthorized access to privileged contract operations.
Closes #124