From 7a13187336f6b5131d7b36b94a32a2b99b297274 Mon Sep 17 00:00:00 2001
From: barry01_hash
Date: Sun, 31 May 2026 15:46:44 +0100
Subject: [PATCH 1/3] add security policy
---
SECURITY.md | 31 +++++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
create mode 100644 SECURITY.md
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..a6bbc91
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,31 @@
+# Security Policy
+
+## Supported Versions
+
+We actively support the following versions of bc-forge:
+
+| Version | Supported |
+| --- | --- |
+| `main` branch | Yes |
+| Latest tagged release | Yes |
+| Older released versions | No |
+
+If a vulnerability affects an older release, please still report it. We may not ship fixes for every historical version, but we will review the impact and decide whether backporting is appropriate.
+
+## Reporting a Vulnerability
+
+Please report security issues privately so we can investigate before any public disclosure.
+
+Preferred contact methods:
+
+1. GitHub Security Advisories for a private report.
+2. GitHub Discussions for non-sensitive coordination and general security questions.
+
+Please include:
+
+- A clear description of the issue
+- The affected component and version, if known
+- Steps to reproduce
+- Any proof of concept, logs, or screenshots that help us confirm the impact
+
+We aim to acknowledge reports promptly and work with reporters toward a safe fix and coordinated disclosure.
From 762932d4e4d9325f5e7adf395d0dd59aadfe173a Mon Sep 17 00:00:00 2001
From: Promise Raji <94976593+p3ris0n@users.noreply.github.com>
Date: Wed, 27 May 2026 12:10:20 +0100
Subject: [PATCH 2/3] allow manual assert in contracts
---
contracts/admin/src/lib.rs | 1 +
contracts/lifecycle/src/lib.rs | 1 +
contracts/token/src/lib.rs | 1 +
3 files changed, 3 insertions(+)
diff --git a/contracts/admin/src/lib.rs b/contracts/admin/src/lib.rs
index a383979..a895783 100644
--- a/contracts/admin/src/lib.rs
+++ b/contracts/admin/src/lib.rs @@ -4,6 +4,7 @@ //! Provides admin storage, authentication guards, and role management. #![no_std] +#![allow(clippy::manual_assert)] use soroban_sdk::{contracttype, Address, Env}; diff --git a/contracts/lifecycle/src/lib.rs b/contracts/lifecycle/src/lib.rs index 526e195..084763a 100644 --- a/contracts/lifecycle/src/lib.rs +++ b/contracts/lifecycle/src/lib.rs @@ -5,6 +5,7 @@ //! all token transfers and minting until the admin unpauses. #![no_std] +#![allow(clippy::manual_assert)] use soroban_sdk::{contracttype, Address, Env}; diff --git a/contracts/token/src/lib.rs b/contracts/token/src/lib.rs index 9ed8983..fd27653 100644 --- a/contracts/token/src/lib.rs +++ b/contracts/token/src/lib.rs @@ -11,6 +11,7 @@ //! - Structured event emissions for off-chain indexing #![no_std] +#![allow(clippy::manual_assert)] mod events; From 289a00c7c747d5ea85d91642fb3b6d8733f6aef4 Mon Sep 17 00:00:00 2001 From: barry01_hash Date: Sun, 31 May 2026 16:02:45 +0100 Subject: [PATCH 3/3] allow manual assert in contracts --- contracts/token/src/lib.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contracts/token/src/lib.rs b/contracts/token/src/lib.rs index fd27653..fcc4724 100644 --- a/contracts/token/src/lib.rs +++ b/contracts/token/src/lib.rs @@ -220,7 +220,8 @@ impl BcForgeToken { let admin = Self::read_admin(&env); admin.require_auth(); - env.deployer().update_current_contract_wasm(new_wasm_hash.clone()); + env.deployer() + .update_current_contract_wasm(new_wasm_hash.clone()); events::emit_upgrade(&env, &admin, &new_wasm_hash); } @@ -234,7 +235,8 @@ impl BcForgeToken { let admin = Self::read_admin(&env); admin.require_auth(); - let old_name = env.storage() + let old_name = env + .storage() .instance() .get(&DataKey::Name) .unwrap_or_else(|| String::from_str(&env, "bc-forge")); 
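Review bot: The crate-wide `#![allow(clippy::manual_assert)]` added under `#![no_std]` in contracts/admin/src/lib.rs has no comment saying why the lint is silenced, and the same bare attribute is added in contracts/lifecycle/src/lib.rs and contracts/token/src/lib.rs. The module docs describe these crates as holding authentication guards and pause checks, so the `if … { panic!(…) }` sites the lint would flag are presumably the access-control paths. A reader auditing them should be able to see that the exemption is deliberate. I would put a line above each attribute such as `// Guards use explicit if/panic! on purpose; clippy::manual_assert would rewrite them to assert!.`, or, if only a few functions trip the lint, move the allow onto those items with `#[allow(clippy::manual_assert)]` instead of the whole crate. The guard code itself is outside these hunks, so which option fits cannot be judged from here.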
@@ -248,7 +250,8 @@ impl BcForgeToken { let admin = Self::read_admin(&env); admin.require_auth(); - let old_symbol = env.storage() + let old_symbol = env + .storage() .instance() .get(&DataKey::Symbol) .unwrap_or_else(|| String::from_str(&env, "SFG"));