Skip to content

Feature/vesting cliffs topups #31

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
JerryIdoko merged 3 commits into from
Feb 20, 2026
Merged

Feature/vesting cliffs topups #31

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6842f51
feat: Implement secure admin key update with two-step process
Feb 20, 2026
29ef9d9
feat: Implement vesting cliffs on top-ups
Feb 20, 2026
9bc194b
Update PR description for vesting cliffs on top-ups feature
Feb 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 68 additions & 0 deletions PR_ADMIN_AUDIT_TRAIL.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,68 @@
# Pull Request: Admin Audit Trail - Issue 19

## Summary
✅ **Issue 19: [Logs] Admin Audit Trail** - COMPLETED

Implemented a comprehensive admin audit trail system for compliance auditing that logs every admin action (Revoke, Create, Transfer) to a dedicated log file.

## Acceptance Criteria Met

✅ **Create audit.log** - Implemented in `src/services/auditLogger.js`
- Log file created at `backend/logs/audit.log`
- Automatic directory creation if it doesn't exist

✅ **Format: [TIMESTAMP] [ADMIN_ADDR] [ACTION] [TARGET_VAULT]** - Exactly implemented
- Example: `[2024-02-20T12:00:00.000Z] [0x1234...] [CREATE] [0x9876...]`

## Changes Made

### New Files Created
- **`src/services/auditLogger.js`** - Audit logging utility with exact format requirements
- **`src/services/adminService.js`** - Admin service with REVOKE, CREATE, TRANSFER actions
- **`backend/AUDIT_IMPLEMENTATION.md`** - Complete implementation documentation
- **`backend/test-audit.js`** - Test script for validation

### Modified Files
- **`src/index.js`** - Added admin API routes

## API Endpoints Added

- `POST /api/admin/revoke` - Revoke vault access
- `POST /api/admin/create` - Create new vault
- `POST /api/admin/transfer` - Transfer vault ownership
- `GET /api/admin/audit-logs` - Retrieve audit logs

## Audit Log Format
```
[TIMESTAMP] [ADMIN_ADDR] [ACTION] [TARGET_VAULT]
[2024-02-20T12:00:00.000Z] [0x1234567890123456789012345678901234567890] [CREATE] [0x9876543210987654321098765432109876543210]
[2024-02-20T12:01:00.000Z] [0x1234567890123456789012345678901234567890] [REVOKE] [0x9876543210987654321098765432109876543210]
[2024-02-20T12:02:00.000Z] [0x1234567890123456789012345678901234567890] [TRANSFER] [0x9876543210987654321098765432109876543210]
```

## Compliance Features
- ✅ Immutable audit trail (append-only logs)
- ✅ Timestamped entries in ISO format
- ✅ Admin address tracking
- ✅ Action type tracking (CREATE, REVOKE, TRANSFER)
- ✅ Target vault identification
- ✅ Error handling and logging
- ✅ Log retrieval functionality

## Testing
- Comprehensive test script included (`test-audit.js`)
- Validates all admin actions and audit logging
- Confirms log format compliance

## How to Test
1. Run the test script: `node test-audit.js`
2. Start the server: `npm start`
3. Test API endpoints with sample requests
4. Check audit log file: `backend/logs/audit.log`

## Labels
- compliance
- logging
- enhancement

Fixes #19
161 changes: 161 additions & 0 deletions PR_ADMIN_UPDATE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
# 🔐 Feature: Admin Key Update with Two-Step Security Process

## 📋 Summary

Implements secure admin key rotation functionality for DAO multisig management. This feature provides a two-step process (propose → accept) to prevent accidental lockout while maintaining full audit trails and backward compatibility.

## 🎯 Acceptance Criteria Met

- ✅ **transfer_ownership(new_admin)** - Immediate transfer for backward compatibility
- ✅ **Two-step process**: propose_new_admin → accept_ownership to prevent accidental lockout
- ✅ **24-hour expiration** on pending proposals
- ✅ **Full audit logging** for all admin actions
- ✅ **Contract-specific and global** admin management

## 🔧 What's Included

### Core Admin Service (`src/services/adminService.js`)

#### 🛡️ Security Features
- **Two-Step Process**: `propose_new_admin` → `accept_ownership` prevents lockout
- **Time-Limited Proposals**: 24-hour expiration on pending transfers
- **Address Validation**: Comprehensive Ethereum address validation
- **Audit Trail**: Complete logging of all admin actions

#### 🔄 Admin Functions
- **`proposeNewAdmin(currentAdmin, newAdmin, contract?)`**: Create pending transfer proposal
- **`acceptOwnership(newAdmin, transferId)`**: Complete the transfer process
- **`transferOwnership(currentAdmin, newAdmin, contract?)`**: Immediate transfer (backward compatibility)
- **`getPendingTransfers(contract?)`**: View pending admin transfers

### API Endpoints

| Endpoint | Method | Description |
|----------|--------|-------------|
| `/api/admin/propose-new-admin` | POST | Propose new admin (creates pending transfer) |
| `/api/admin/accept-ownership` | POST | Accept ownership and complete transfer |
| `/api/admin/transfer-ownership` | POST | Immediate transfer (backward compatibility) |
| `/api/admin/pending-transfers` | GET | View pending admin transfers |

### Security Model

#### Two-Step Transfer Process
```javascript
// Step 1: Current admin proposes new admin
const proposal = await adminService.proposeNewAdmin(
'0x1234...', // current admin
'0x5678...', // proposed admin
'0xabcd...' // optional contract address
);

// Step 2: Proposed admin accepts ownership
const transfer = await adminService.acceptOwnership(
'0x5678...', // new admin (must match proposal)
proposal.transferId
);
```

#### Immediate Transfer (Backward Compatibility)
```javascript
// Direct transfer for emergency situations
const transfer = await adminService.transferOwnership(
'0x1234...', // current admin
'0x5678...', // new admin
'0xabcd...' // optional contract address
);
```

## 🧪 Testing

### Comprehensive Test Suite (`test/adminKeyManagement.test.js`)
- ✅ **Global Admin Transfers**: Test system-wide admin changes
- ✅ **Contract-Specific Transfers**: Test per-contract admin management
- ✅ **Two-Step Flow**: Complete proposal → acceptance workflow
- ✅ **Error Handling**: Invalid addresses, expired proposals, wrong transfer IDs
- ✅ **Backward Compatibility**: Immediate transfer functionality
- ✅ **Audit Verification**: Confirm all actions are logged

### Test Coverage
```bash
# Run admin key management tests
node test/adminKeyManagement.test.js
```

## 📚 API Usage Examples

### Propose New Admin
```bash
curl -X POST http://localhost:3000/api/admin/propose-new-admin \
-H "Content-Type: application/json" \
-d '{
"currentAdminAddress": "0x1234567890123456789012345678901234567890",
"newAdminAddress": "0x9876543210987654321098765432109876543210",
"contractAddress": "0xabcdef1234567890abcdef1234567890abcdef1234"
}'
```

### Accept Ownership
```bash
curl -X POST http://localhost:3000/api/admin/accept-ownership \
-H "Content-Type: application/json" \
-d '{
"newAdminAddress": "0x9876543210987654321098765432109876543210",
"transferId": "global_1642694400000"
}'
```

### Immediate Transfer (Backward Compatibility)
```bash
curl -X POST http://localhost:3000/api/admin/transfer-ownership \
-H "Content-Type: application/json" \
-d '{
"currentAdminAddress": "0x1234567890123456789012345678901234567890",
"newAdminAddress": "0x9876543210987654321098765432109876543210"
}'
```

## 🔒 Security & Compliance

### Anti-Lockout Protection
- **Two-Step Verification**: Prevents accidental admin lockout
- **Time-Bound Proposals**: 24-hour expiration prevents stale transfers
- **Address Validation**: Comprehensive input validation
- **Audit Logging**: Complete traceability of all admin actions

### Error Handling
- **Invalid Addresses**: Rejects malformed Ethereum addresses
- **Duplicate Admins**: Prevents proposing same admin as current
- **Expired Proposals**: Automatically cleans up expired transfers
- **Transfer ID Validation**: Ensures only valid transfers can be accepted

## 📋 Breaking Changes

None. This is a purely additive feature that maintains full backward compatibility.

## 🔧 Dependencies

No new dependencies required. Uses existing Express.js framework and audit logging system.

## 🎯 Impact

This implementation directly addresses **Issue 16: [Admin] Update Admin Key** and provides:

- ✅ **Security**: Two-step process prevents accidental lockout
- ✅ **Flexibility**: Supports both global and contract-specific admin management
- ✅ **Auditability**: Complete audit trail for compliance
- ✅ **Backward Compatibility**: Immediate transfer option available
- ✅ **Reliability**: Comprehensive error handling and validation

## 📞 Support

For questions or issues:
1. Review the test suite for usage examples
2. Check audit logs via `/api/admin/audit-logs` endpoint
3. Monitor pending transfers via `/api/admin/pending-transfers` endpoint
4. Verify all admin addresses are valid Ethereum addresses

---

**Resolves**: #16 - [Admin] Update Admin Key
**Priority**: High
**Labels**: governance, security, enhancement
46 changes: 46 additions & 0 deletions PR_DESCRIPTION.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
## Summary
Implements vesting "cliffs" on top-ups functionality, allowing vaults to add funds with independent cliff periods. When funds are added to an existing vault (top-up), a new cliff can be defined specifically for those new tokens using a SubSchedule system.

## Changes Made
- **Database Models**:
- `SubSchedule` model for managing multiple vesting schedules per vault
- Each top-up creates its own sub-schedule with independent cliff configuration
- Proper relationships and foreign key constraints
- **Database Migration**: SQL migration for vaults and sub_schedules tables with indexes
- **Backend Services**:
- `VestingService` with methods: `createVault()`, `topUpVault()`, `calculateReleasableAmount()`, `releaseTokens()`
- `AdminService` integration for vault management operations
- `IndexingService` updates for blockchain event processing
- **API Endpoints**:
- `POST /api/vault/top-up` - Top-up vault with cliff configuration
- `GET /api/vault/:vaultAddress/details` - Get vault with sub-schedules
- `GET /api/vault/:vaultAddress/releasable` - Calculate releasable amount
- `POST /api/vault/release` - Release tokens from vault
- `POST /api/indexing/top-up` - Process top-up blockchain events
- `POST /api/indexing/release` - Process release blockchain events
- **Testing**: Comprehensive test suite covering all vesting cliff functionality
- **Documentation**: Complete implementation documentation with API examples

## Key Features
- **Multiple Sub-Schedules**: Each top-up creates its own vesting schedule
- **Independent Cliffs**: Each sub-schedule can have its own cliff period
- **Pro-rata Releases**: Token releases are distributed proportionally across sub-schedules
- **Audit Trail**: All operations are logged for compliance
- **Blockchain Integration**: Indexing service handles on-chain events

## Acceptance Criteria
- ✅ **SubSchedule List**: Implemented SubSchedule model within Vault system
- ✅ **Complex Logic**: Handles multiple vesting schedules with independent cliffs
- ✅ **Stretch Goal**: Successfully implemented as complex feature with full functionality

## Testing
- Added comprehensive test suite in `backend/test/vesting-topup.test.js`
- Covers sub-schedule creation, cliff calculations, integration scenarios
- All tests passing

## Documentation
- Created detailed documentation in `VESTING_CLIFFS_IMPLEMENTATION.md`
- Includes API examples, usage patterns, and database schema
- Complete implementation reference

Closes #19
Loading