Feat/enforce authorized sweep destination #20

Merged
phertyameen merged 2 commits into bridgelet-org:main from FabianSanchezD:feat/enforce-authorized-sweep-destination
Jan 25, 2026

Conversation


@FabianSanchezD FabianSanchezD commented Jan 23, 2026

Enforce Authorized Sweep Destination

Closes #7

Overview

This PR implements destination authorization for the sweep function, allowing the contract to enforce that funds can only be swept to a pre-authorized destination address set during initialization. The implementation supports both locked mode (destination required) and flexible mode (any destination allowed).

Changes

Core Functionality

  • Storage Updates (storage.rs)
    • Added DataKey::AuthorizedDestination and DataKey::Creator
    • Added functions: set_authorized_destination(), get_authorized_destination(), has_authorized_destination()
    • Added creator tracking: set_creator(), get_creator()
  • Initialization (lib.rs)
    • Updated initialize() to accept optional authorized_destination: Option<Address>
    • Stores creator address (invoker) for authorization checks
    • Emits DestinationAuthorized event when destination is set
  • Sweep Validation (lib.rs)
    • Added destination validation in execute_sweep()
    • Returns Error::UnauthorizedDestination if destination doesn't match authorized destination (when set)
    • Allows any destination if no authorized destination is configured (flexible mode)
  • Destination Management (lib.rs)
    • Added update_authorized_destination() function
    • Requires creator authorization
    • Only allows update if no sweep has occurred (nonce == 0)
    • Emits DestinationUpdated event

Error Handling

  • New Error (errors.rs)
    • Added UnauthorizedDestination = 13

Events

  • New Events (lib.rs)
    • DestinationAuthorized - emitted when destination is set during initialization
    • DestinationUpdated - emitted when authorized destination is updated

Testing

  • Comprehensive Test Coverage (tests/integration.rs)
    • Test initialization with authorized destination (locked mode)
    • Test initialization without authorized destination (flexible mode)
    • Test sweep to authorized destination (success)
    • Test sweep to unauthorized destination (failure)
    • Test destination update by creator
    • Test destination update by non-creator (should fail)
    • Test destination update before sweep

Build Fixes

  • Added #[contracttype] attribute to DataKey enum (required for Soroban storage)
  • Fixed Bytes API usage in authorization module
  • Fixed ed25519_verify to use correct parameter types
  • Updated test imports and client method usage
  • Added rlib crate-type for test compatibility

Security Features

  1. Locked Mode: When an authorized destination is set, sweeps can only go to that address
  2. Flexible Mode: When no destination is set, any destination is allowed (backward compatible)
  3. Creator Authorization: Only the contract creator can update the authorized destination
  4. Sweep Protection: Destination cannot be updated after any sweep has occurred

Testing

All tests pass and cover:

  • ✅ Initialization with/without authorized destination
  • ✅ Sweep to authorized destination (success)
  • ✅ Sweep to unauthorized destination (failure)
  • ✅ Destination update by creator
  • ✅ Destination update by non-creator (failure)
  • ✅ Destination update after sweep (blocked)

Breaking Changes

None - the authorized_destination parameter is optional, maintaining backward compatibility.

Notes

  • Compliments on drips are appreciated! 💧
  • All code passes linting and follows existing codebase conventions
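The locked/flexible modes, the creator-only update and the nonce == 0 freeze described in the PR body above, modelled as plain Rust so the rules can be exercised outside Soroban. This is an added example, not code from the bridgelet contract or this PR: `Address` is a string stand-in for Soroban's `Address`, the `SweepContract` struct stands in for persistent storage under `DataKey::Creator` / `DataKey::AuthorizedDestination`, the explicit `invoker` parameter stands in for `require_auth`, and every error variant other than `UnauthorizedDestination` is constructed for this model. The `Swept` event and the placeholder addresses in `main` are likewise constructed.

```rust
// Added model of the PR's sweep-destination authorization; not the project's code.
// No soroban-sdk: Address, storage and auth are simplified stand-ins (assumptions).

#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Address(pub String);

#[derive(Clone, Debug, PartialEq, Eq)]
pub enum Error {
    /// Corresponds to `UnauthorizedDestination = 13` in the PR's errors.rs.
    UnauthorizedDestination,
    // Remaining variants are assumptions made for this model only.
    AlreadyInitialized,
    NotInitialized,
    NotCreator,
    SweepAlreadyOccurred,
}

#[derive(Clone, Debug, PartialEq, Eq)]
pub enum Event {
    DestinationAuthorized(Address),
    DestinationUpdated(Address),
    Swept { destination: Address, nonce: u64 }, // constructed for the model
}

/// In-memory stand-in for the contract's persistent storage.
#[derive(Default, Debug)]
pub struct SweepContract {
    creator: Option<Address>,
    authorized_destination: Option<Address>,
    nonce: u64,
    pub events: Vec<Event>,
}

impl SweepContract {
    pub fn new() -> Self {
        Self::default()
    }

    /// `invoker` becomes the creator. `Some(dest)` selects locked mode,
    /// `None` selects flexible mode (backward-compatible behaviour).
    pub fn initialize(&mut self, invoker: Address, authorized_destination: Option<Address>) -> Result<(), Error> {
        if self.creator.is_some() {
            return Err(Error::AlreadyInitialized);
        }
        self.creator = Some(invoker);
        if let Some(dest) = authorized_destination {
            self.authorized_destination = Some(dest.clone());
            self.events.push(Event::DestinationAuthorized(dest));
        }
        Ok(())
    }

    pub fn has_authorized_destination(&self) -> bool {
        self.authorized_destination.is_some()
    }

    /// The destination check runs before any transfer; the nonce only advances on success.
    pub fn execute_sweep(&mut self, destination: Address) -> Result<u64, Error> {
        if self.creator.is_none() {
            return Err(Error::NotInitialized);
        }
        if let Some(authorized) = &self.authorized_destination {
            if *authorized != destination {
                return Err(Error::UnauthorizedDestination);
            }
        }
        // The real contract would move the token balance here.
        self.nonce += 1;
        self.events.push(Event::Swept { destination, nonce: self.nonce });
        Ok(self.nonce)
    }

    /// Creator-only, and only while no sweep has happened (nonce == 0),
    /// so the destination is frozen once funds have moved.
    pub fn update_authorized_destination(&mut self, invoker: Address, new_destination: Address) -> Result<(), Error> {
        let creator = self.creator.as_ref().ok_or(Error::NotInitialized)?;
        if *creator != invoker {
            return Err(Error::NotCreator);
        }
        if self.nonce != 0 {
            return Err(Error::SweepAlreadyOccurred);
        }
        self.authorized_destination = Some(new_destination.clone());
        self.events.push(Event::DestinationUpdated(new_destination));
        Ok(())
    }
}

fn main() {
    // Constructed placeholder addresses, not real Stellar account ids.
    let creator = Address("CREATOR_PLACEHOLDER".into());
    let dest = Address("DEST_PLACEHOLDER".into());
    let other = Address("OTHER_PLACEHOLDER".into());

    let mut c = SweepContract::new();
    c.initialize(creator.clone(), Some(dest.clone())).unwrap();
    println!("sweep to other: {:?}", c.execute_sweep(other.clone()));
    println!("sweep to dest:  {:?}", c.execute_sweep(dest));
    println!("update after sweep: {:?}", c.update_authorized_destination(creator, other));
}
```

The order of checks in `update_authorized_destination` matters for review: authorization is verified before the nonce is inspected, so a non-creator caller learns nothing about the sweep state, and the freeze after the first sweep means the destination must be verified (for example against the `DestinationAuthorized` event) before any sweep is executed.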

@phertyameen phertyameen left a comment

Awesome!

@phertyameen phertyameen merged commit 80b1907 into bridgelet-org:main Jan 25, 2026
1 check passed