📌 Description
price_oracle defines a rich OracleError enum, but internal helpers such as
read_admin and require_whitelisted in contracts/price_oracle/src/lib.rs use bare
panic!("Contract not initialized") / panic!("Oracle not whitelisted") strings
instead of returning the structured OracleError::NotInitialized /
OracleError::Unauthorized. This makes off-chain decoding inconsistent with the rest
of the workspace, which emits structured errors.
This issue replaces the bare panics with structured error propagation.
🎯 Requirements and Context
- Convert
read_admin/require_whitelisted and any other bare-panic helpers to return/propagate OracleError.
- Public entrypoints must surface the typed error code so observers can decode it like other crates'
emit_error_event flows.
- Preserve the existing failure semantics (same conditions still fail).
- No behavioural change to successful paths.
🛠️ Suggested Execution
1. Fork the repo and create a branch
git checkout -b security/oracle-structured-errors
2. Implement changes
- Refactor the helpers and propagate
Result<_, OracleError> in contracts/price_oracle/src/lib.rs with /// docs.
- Update
docs/ERROR_EVENTS.md and docs/price_oracle/admin_controls.md.
3. Test and commit
- Extend
contracts/price_oracle/src/tests.rs to assert typed errors.
- Run:
cargo test --target wasm32v1-none --release
- Edge cases: uninitialized read, non-whitelisted setter, admin-only setters, error-code stability.
Example commit message
fix: structured OracleError returns instead of bare panics
✅ Guidelines
- Minimum 95% test coverage on the refactored paths.
- Document the error-code mapping.
- Timeframe: 96 hours.
🏷️ Labels
type-security · type-refactor · area-contracts · MAYBE REWARDED · GRANTFOX OSS · OFFICIAL CAMPAIGN
💬 Community & Support
- Join the CommitLabs contributor Discord to coordinate and get unblocked fast: https://discord.gg/WV7tdYkJk
- Introduce yourself before starting to avoid duplicate work.
- Maintainers triage actively and review fast.
📌 Description
price_oracledefines a richOracleErrorenum, but internal helpers such asread_adminandrequire_whitelistedincontracts/price_oracle/src/lib.rsuse barepanic!("Contract not initialized")/panic!("Oracle not whitelisted")stringsinstead of returning the structured
OracleError::NotInitialized/OracleError::Unauthorized. This makes off-chain decoding inconsistent with the restof the workspace, which emits structured errors.
This issue replaces the bare panics with structured error propagation.
🎯 Requirements and Context
read_admin/require_whitelistedand any other bare-panic helpers to return/propagateOracleError.emit_error_eventflows.🛠️ Suggested Execution
1. Fork the repo and create a branch
2. Implement changes
Result<_, OracleError>incontracts/price_oracle/src/lib.rswith///docs.docs/ERROR_EVENTS.mdanddocs/price_oracle/admin_controls.md.3. Test and commit
contracts/price_oracle/src/tests.rsto assert typed errors.cargo test --target wasm32v1-none --releaseExample commit message
✅ Guidelines
🏷️ Labels
type-security·type-refactor·area-contracts·MAYBE REWARDED·GRANTFOX OSS·OFFICIAL CAMPAIGN💬 Community & Support