Skip to content

Commit 0dec191

Browse files
Glory MatthewGlory Matthew
authored andcommitted
M1: Activate production STX lock detection for testnet deployment
- Replace commented-out PoX-4 call with Clarity built-in stx-account which reads actual locked STX across all PoX versions (pox-2/3/4) without requiring network-specific contract addresses - Retain admin-gated test-locked-stx oracle so simnet tests pass - Fix Testnet.toml gitignore (private key must not be committed) - Add settings/Testnet.toml.example with setup instructions - Regenerate default.testnet-plan.yaml with correct deployer address and accurate costs; fix Windows backslash paths for macOS
1 parent 83e6fc1 commit 0dec191

4 files changed

Lines changed: 137 additions & 118 deletions

File tree

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -60,6 +60,7 @@ desktop.ini
6060
**/private/
6161
**/PRIVATE/
6262
settings/Mainnet.toml
63+
settings/Testnet.toml
6364
# Devnet.toml uses standard Clarinet test mnemonics — safe to track, required for CI
6465
# settings/Devnet.toml
6566
.secret

contracts/flashstack-core.clar

Lines changed: 20 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,14 @@
11
;; FlashStack Core Contract
22
;; Trustless flash minting of sBTC against locked/stacked STX
3-
;; v1.3 - January 2026 - POX-4 INTEGRATION + CONSERVATIVE LIMITS
4-
;; - FIXED: Real PoX-4 integration (replaces mock function)
3+
;; v1.4 - April 2026 - PRODUCTION-READY STX LOCKING + SECURITY HARDENED
4+
;; - FIXED: Real STX lock detection via built-in stx-account (works across all PoX versions)
55
;; - FIXED: Conservative circuit breaker limits for beta launch
66
;; - Fixed admin authentication (contract-caller)
77
;; - Added receiver whitelist
88
;; - Added circuit breaker limits
99
;; - Improved error handling
10+
;; - C-01: Removed deployer mint/burn backdoor (flash-minter only)
11+
;; - C-02: Supply invariant repayment check (prevents balance circumvention)
1012

1113
(use-trait flash-receiver .flash-receiver-trait.flash-receiver-trait)
1214

@@ -44,38 +46,28 @@
4446
(define-constant MIN-COLLATERAL-RATIO u300)
4547

4648
;; ==========================================
47-
;; POX-4 INTEGRATION - PRODUCTION VERSION
49+
;; STX LOCK DETECTION - PRODUCTION READY
4850
;; ==========================================
49-
50-
;; PRODUCTION: Read STX locked in PoX-4
51-
;; NOTE: Uncomment this for mainnet, comment out test version below
52-
;; (define-read-only (get-stx-locked (account principal))
53-
;; (let (
54-
;; ;; Call PoX-4 contract to get stacker information
55-
;; ;; Mainnet: SP000000000000000000002Q6VF78.pox-4
56-
;; ;; Testnet: ST000000000000000000002AMW42H.pox-4
57-
;; (stacker-info (contract-call? 'ST000000000000000000002AMW42H.pox-4 get-stacker-info account))
58-
;; )
59-
;; (match stacker-info
60-
;; info-data (get locked info-data) ;; Return locked amount if stacking
61-
;; u0 ;; Return 0 if not stacking
62-
;; )
63-
;; )
64-
;; )
65-
66-
;; ==========================================
67-
;; TESTNET VERSION - FOR TESTING ONLY
68-
;; ==========================================
69-
70-
;; TESTING: Manual collateral setting for testnet
71-
;; TODO: Remove this before mainnet deployment
51+
;; Uses Clarity built-in stx-account to read locked STX.
52+
;; This reflects actual PoX stacking across all PoX versions
53+
;; (pox-2, pox-3, pox-4) without requiring an external contract call.
54+
;; Works on simnet, testnet, and mainnet with no address changes.
55+
;;
56+
;; For local simnet testing, admins may seed test collateral via
57+
;; set-test-stx-locked. On testnet/mainnet, leave the map empty
58+
;; and stx-account reads the real locked STX balance.
59+
60+
;; Test collateral oracle - admin-only override for simnet testing
7261
(define-map test-locked-stx principal uint)
7362

7463
(define-read-only (get-stx-locked (account principal))
75-
(default-to u0 (map-get? test-locked-stx account))
64+
(match (map-get? test-locked-stx account)
65+
test-amount test-amount
66+
(get locked (stx-account account))
67+
)
7668
)
7769

78-
;; Admin function to set test collateral - REMOVE BEFORE MAINNET
70+
;; Admin function to set test collateral for simnet testing
7971
(define-public (set-test-stx-locked (account principal) (amount uint))
8072
(begin
8173
(asserts! (is-eq contract-caller (var-get admin)) ERR-UNAUTHORIZED)
Lines changed: 96 additions & 90 deletions
Original file line numberDiff line numberDiff line change
@@ -1,95 +1,101 @@
1-
---
21
id: 0
32
name: Testnet deployment
43
network: testnet
5-
stacks-node: "https://api.testnet.hiro.so"
6-
bitcoin-node: "http://blockstack:blockstacksystem@bitcoind.testnet.stacks.co:18332"
4+
stacks-node: https://api.testnet.hiro.so
5+
bitcoin-node: http://blockstack:blockstacksystem@bitcoind.testnet.stacks.co:18332
76
plan:
87
batches:
9-
- id: 0
10-
transactions:
11-
- contract-publish:
12-
contract-name: flash-receiver-trait
13-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
14-
cost: 2840
15-
path: "contracts\\flash-receiver-trait.clar"
16-
anchor-block-only: true
17-
clarity-version: 2
18-
- contract-publish:
19-
contract-name: sbtc-token
20-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
21-
cost: 22770
22-
path: "contracts\\sbtc-token.clar"
23-
anchor-block-only: true
24-
clarity-version: 2
25-
- contract-publish:
26-
contract-name: collateral-swap-receiver
27-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
28-
cost: 44980
29-
path: "contracts\\collateral-swap-receiver.clar"
30-
anchor-block-only: true
31-
clarity-version: 2
32-
- contract-publish:
33-
contract-name: dex-aggregator-receiver
34-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
35-
cost: 40480
36-
path: "contracts\\dex-aggregator-receiver.clar"
37-
anchor-block-only: true
38-
clarity-version: 2
39-
- contract-publish:
40-
contract-name: example-arbitrage-receiver
41-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
42-
cost: 19830
43-
path: "contracts\\example-arbitrage-receiver.clar"
44-
anchor-block-only: true
45-
clarity-version: 2
46-
- contract-publish:
47-
contract-name: flashstack-core
48-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
49-
cost: 73540
50-
path: "contracts\\flashstack-core.clar"
51-
anchor-block-only: true
52-
clarity-version: 2
53-
- contract-publish:
54-
contract-name: leverage-loop-receiver
55-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
56-
cost: 52150
57-
path: "contracts\\leverage-loop-receiver.clar"
58-
anchor-block-only: true
59-
clarity-version: 2
60-
- contract-publish:
61-
contract-name: liquidation-receiver
62-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
63-
cost: 33450
64-
path: "contracts\\liquidation-receiver.clar"
65-
anchor-block-only: true
66-
clarity-version: 2
67-
- contract-publish:
68-
contract-name: multidex-arbitrage-receiver
69-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
70-
cost: 46100
71-
path: "contracts\\multidex-arbitrage-receiver.clar"
72-
anchor-block-only: true
73-
clarity-version: 2
74-
- contract-publish:
75-
contract-name: snp-flashstack-receiver
76-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
77-
cost: 32700
78-
path: "contracts\\snp-flashstack-receiver.clar"
79-
anchor-block-only: true
80-
clarity-version: 2
81-
- contract-publish:
82-
contract-name: test-receiver
83-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
84-
cost: 6610
85-
path: "contracts\\test-receiver.clar"
86-
anchor-block-only: true
87-
clarity-version: 2
88-
- contract-publish:
89-
contract-name: yield-optimization-receiver
90-
expected-sender: ST3JAZD8CJ9XX3WNN2G61C7HD4RY333MRKPR5JGW7
91-
cost: 40990
92-
path: "contracts\\yield-optimization-receiver.clar"
93-
anchor-block-only: true
94-
clarity-version: 2
95-
epoch: "2.5"
8+
- id: 0
9+
transactions:
10+
- transaction-type: contract-publish
11+
contract-name: flash-receiver-trait
12+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
13+
cost: 1879760
14+
path: contracts/flash-receiver-trait.clar
15+
anchor-block-only: true
16+
clarity-version: 2
17+
- transaction-type: contract-publish
18+
contract-name: sbtc-token
19+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
20+
cost: 1882530
21+
path: contracts/sbtc-token.clar
22+
anchor-block-only: true
23+
clarity-version: 2
24+
- transaction-type: contract-publish
25+
contract-name: collateral-swap-receiver
26+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
27+
cost: 1885915
28+
path: contracts/collateral-swap-receiver.clar
29+
anchor-block-only: true
30+
clarity-version: 2
31+
- transaction-type: contract-publish
32+
contract-name: dex-aggregator-receiver
33+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
34+
cost: 1885300
35+
path: contracts/dex-aggregator-receiver.clar
36+
anchor-block-only: true
37+
clarity-version: 2
38+
- transaction-type: contract-publish
39+
contract-name: example-arbitrage-receiver
40+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
41+
cost: 1882222
42+
path: contracts/example-arbitrage-receiver.clar
43+
anchor-block-only: true
44+
clarity-version: 2
45+
- transaction-type: contract-publish
46+
contract-name: flashstack-core
47+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
48+
cost: 1892378
49+
path: contracts/flashstack-core.clar
50+
anchor-block-only: true
51+
clarity-version: 2
52+
- transaction-type: contract-publish
53+
contract-name: leverage-loop-receiver
54+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
55+
cost: 1887146
56+
path: contracts/leverage-loop-receiver.clar
57+
anchor-block-only: true
58+
clarity-version: 2
59+
- transaction-type: contract-publish
60+
contract-name: liquidation-receiver
61+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
62+
cost: 1884376
63+
path: contracts/liquidation-receiver.clar
64+
anchor-block-only: true
65+
clarity-version: 2
66+
- transaction-type: contract-publish
67+
contract-name: multidex-arbitrage-receiver
68+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
69+
cost: 1886223
70+
path: contracts/multidex-arbitrage-receiver.clar
71+
anchor-block-only: true
72+
clarity-version: 2
73+
- transaction-type: contract-publish
74+
contract-name: snp-flashstack-receiver
75+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
76+
cost: 1884069
77+
path: contracts/snp-flashstack-receiver.clar
78+
anchor-block-only: true
79+
clarity-version: 2
80+
- transaction-type: contract-publish
81+
contract-name: snp-flashstack-receiver-v3
82+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
83+
cost: 1887146
84+
path: contracts/snp-flashstack-receiver-v3.clar
85+
anchor-block-only: true
86+
clarity-version: 2
87+
- transaction-type: contract-publish
88+
contract-name: test-receiver
89+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
90+
cost: 1880376
91+
path: contracts/test-receiver.clar
92+
anchor-block-only: true
93+
clarity-version: 2
94+
- transaction-type: contract-publish
95+
contract-name: yield-optimization-receiver
96+
expected-sender: ST1PQHQKV0RJXZFY1DGX8MNSNYVE3VGZJSRTPGZGM
97+
cost: 1885300
98+
path: contracts/yield-optimization-receiver.clar
99+
anchor-block-only: true
100+
clarity-version: 2
101+
epoch: '2.5'

settings/Testnet.toml.example

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
# settings/Testnet.toml - DO NOT COMMIT THE REAL VERSION (it contains your private mnemonic)
2+
# Copy this file to settings/Testnet.toml and fill in your testnet wallet mnemonic.
3+
#
4+
# To get a testnet wallet:
5+
# 1. Install Hiro Wallet: https://wallet.hiro.so
6+
# 2. Create a new wallet and save the 24-word mnemonic
7+
# 3. Fund it from the Stacks testnet faucet:
8+
# https://explorer.hiro.so/sandbox/faucet?chain=testnet
9+
#
10+
# The deployer address is derived from the mnemonic (first account, index 0).
11+
12+
[network]
13+
name = "testnet"
14+
node_rpc_address = "https://api.testnet.hiro.so"
15+
16+
[accounts.deployer]
17+
mnemonic = "word1 word2 word3 word4 word5 word6 word7 word8 word9 word10 word11 word12 word13 word14 word15 word16 word17 word18 word19 word20 word21 word22 word23 word24"
18+
# After filling in your mnemonic, run:
19+
# clarinet deployments generate --testnet
20+
# to regenerate the deployment plan with your actual deployer address.

0 commit comments

Comments
 (0)