Add Dusk contract standards and Forge reference contracts#24
Draft
HDauven wants to merge 35 commits into
Draft
Conversation
ccd00af to
2184b27
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds a Dusk-native standards layer inspired by OpenZeppelin, but shaped around Dusk contract semantics instead of EVM compatibility.
This includes:
Security Model
The standards layer explicitly distinguishes between:
msg.senderand therefore use explicit signed authorizationsA normal Moonlight transaction reaches the target through the transfer contract.
CallContext::current()treats the root transfer-contract entrypoint into the target as the transaction boundary and maps that topublic_sender. Nested calls are not rewritten to the public sender; they stay bound to the immediate caller contract.Signed actions bind:
The higher-level authorization helpers verify the full action envelope before consuming nonces, so failed authorization paths should not advance replay state.
Validation
The PR includes invariant tests, property tests, data-driver fuzz tests, and VM deploy/query tests.
Passed locally on the current branch:
cargo fmt --checkgit diff --checkbash -n scripts/dusk-contract-standards-local-smoke.sh scripts/dusk-contract-standards-audit-grade.shcargo clippy -p dusk-contract-standards --all-targets -- -D warningscargo test -p dusk-contract-standardscargo test -p dusk-contract-standards --test examples_vm -- --ignoredRUN_CARGO_AUDIT=0 RUN_LOCAL_NODE_SMOKE=0 ./scripts/dusk-contract-standards-audit-grade.shAdditional validation done outside of the package test suite:
https://testnet.nodes.dusk.networkThe testnet smoke covered deploys plus positive and negative action flows for Phoenix auth, Moonlight auth, DRC20, DRC721, proxy admin and 2-of-3 multisig-governed proxy execution.
Dependency Note
This draft PR is intended for prerelease review before final standards publication.
The branch currently uses published package versions where available:
dusk-forge = 0.3.0dusk-data-driver = 0.3.2-alpha.1dusk-core = 1.6.0dusk-vm = 1.6.0dusk-wallet-core = 1.6.0rusk-profile = 1.6.0rusk-prover = 1.6.0The old local prerelease checkout dependencies for
../rusk-privateand../forge-explicit-emitshave been removed from this branch.Review Focus
Please review especially:
Auditor-facing documentation can be found here: https://github.com/dusk-network/contracts/blob/research/dusk-standards-hardening/docs/dusk-contract-standards-audit.md