📌 Description
commitment_nft::transfer (line ~915) moves a commitment NFT, but the interaction
between transfers and the underlying active commitment in commitment_core is
security-sensitive: transferring an NFT effectively transfers a liquidity obligation.
docs/commitment_nft/SETTLEMENT_AUTHORIZATION.md describes the authorization model,
yet transfer-of-active-commitment authorization is not fully tested.
This issue adds authorization and ownership-consistency tests for transfers.
🎯 Requirements and Context
- Assert only the current owner (
require_auth) can transfer; non-owner transfer rejected.
- Assert
balance_of, owner_of, and get_nfts_by_owner stay consistent after transfer.
- Assert transfer of an inactive/settled token behaves per the documented policy.
- Assert
is_authorized contracts can/cannot transfer per the access-control model.
🛠️ Suggested Execution
1. Fork the repo and create a branch
git checkout -b test/nft-transfer-auth
2. Implement changes
- Add tests to
contracts/commitment_nft/src/tests.rs.
- Cross-reference
docs/commitment_nft/SETTLEMENT_AUTHORIZATION.md.
3. Test and commit
- Run:
cargo test --target wasm32v1-none --release
- Edge cases: owner transfer, non-owner rejected, settled-token transfer, balance/owner consistency.
Example commit message
test: transfer-authorization coverage for commitment_nft
✅ Guidelines
- Minimum 95% test coverage on the transfer path.
- Document the authorization scenarios.
- Timeframe: 96 hours.
🏷️ Labels
type-testing · type-security · area-contracts · MAYBE REWARDED · GRANTFOX OSS · OFFICIAL CAMPAIGN
💬 Community & Support
- Join the CommitLabs contributor Discord to coordinate and get unblocked fast: https://discord.gg/WV7tdYkJk
- Introduce yourself before starting to avoid duplicate work.
- Maintainers triage actively and review fast.
📌 Description
commitment_nft::transfer(line ~915) moves a commitment NFT, but the interactionbetween transfers and the underlying active commitment in
commitment_coreissecurity-sensitive: transferring an NFT effectively transfers a liquidity obligation.
docs/commitment_nft/SETTLEMENT_AUTHORIZATION.mddescribes the authorization model,yet transfer-of-active-commitment authorization is not fully tested.
This issue adds authorization and ownership-consistency tests for transfers.
🎯 Requirements and Context
require_auth) can transfer; non-owner transfer rejected.balance_of,owner_of, andget_nfts_by_ownerstay consistent after transfer.is_authorizedcontracts can/cannot transfer per the access-control model.🛠️ Suggested Execution
1. Fork the repo and create a branch
2. Implement changes
contracts/commitment_nft/src/tests.rs.docs/commitment_nft/SETTLEMENT_AUTHORIZATION.md.3. Test and commit
cargo test --target wasm32v1-none --releaseExample commit message
✅ Guidelines
🏷️ Labels
type-testing·type-security·area-contracts·MAYBE REWARDED·GRANTFOX OSS·OFFICIAL CAMPAIGN💬 Community & Support