lhumina_code/hero_ledger
24
0
Fork 1
Code Issues 11 Pull requests 2 Projects Releases 3 Packages 1 Wiki Activity Actions 1

Security audit fixes — 28 issues across SDK, contracts, and infrastructure #37

Closed
mik-tf wants to merge 4 commits from development_security_fixes into development
pull from: development_security_fixes
merge into: lhumina_code:development
Conversation 6 Commits 4 Files changed 29 +1073 -121
mik-tf commented 2026-02-26 16:41:22 +00:00
Owner
Copy link

Summary

Implements security fixes identified by a consolidated audit (SECURITY_AUDIT_V2.md) that synthesized findings from 8 independent AI security audit reports, covering 58 total findings with 28 fixes implemented in this PR.

25 files changed — 332 insertions, 117 deletions.

Phase 0: Fix Broken SDK (CRIT-01, CRIT-02, CRIT-03)

These are blocking bugs — the SDK literally cannot work correctly without these fixes.

  • CRIT-01 — CreditClient wrong token wiring: The credit() factory method was passing gld_token instead of spore_token. The Credit Vault contract works with SPORE, not GLD. Fixed in src/sdk/mod.rs and src/sdk/credit/vault.rs.
  • CRIT-02 — spend() ABI mismatch: The SDK spend() method was missing the payee parameter and used description instead of memo, not matching the contract's actual signature. Fixed in src/sdk/credit/vault.rs, src/cli/cli/credit.rs, src/cli/cli/execute.rs, src/cli/cmd.rs.
  • CRIT-03 — get_balance() calls non-existent method: Called get_balance which doesn't exist on the contract. Changed to use list_lines and sum balances across all lines. Fixed in src/sdk/credit/vault.rs.

Phase 1: Contract Data Integrity & Fund Safety

  • CRIT-04 — StorageKey collision in Credit contract: All nested Vector::new() and LookupMap::new() calls used the same static prefix, causing data corruption across different users' lines. Added parameterized StorageKey variants: LineIndexByOwner(AccountId), ApprovalIndexByKey(AccountId, u64). Fixed in contracts/credit/src/lib.rs.
  • CRIT-05 — ft_on_transfer panics on bad input: Changed signature to use U128 and PromiseOrValue<U128> per NEP-141 standard. Bad payloads now refund tokens instead of panicking. Fixed in contracts/credit/src/lib.rs.
  • HIGH-01/02 — DNS missing cross-contract callbacks: claim_refund and withdraw_fees had no callbacks, so failed token transfers silently lost funds. Added on_refund_complete and on_fee_withdraw_complete with proper rollback. Fixed in contracts/dns/src/lib.rs.
  • HIGH-03 — Faucet no access control: Anyone could call fund_account. Added authorized_relayers: UnorderedSet<AccountId> with add_relayer/remove_relayer admin methods. Fixed in contracts/faucet/src/lib.rs.
  • HIGH-04 — Hosting SLA forgery: sla_settle_period had no caller verification. Added admin field and admin-only check. Fixed in contracts/hosting/src/lib.rs.
  • HIGH-06 — Validator key file permissions: Key files written as world-readable. Added chmod 0600 after writes. Fixed in src/provision/config.rs, src/cluster_manager/cluster.rs.
  • MED-09 — SPOREX callback panics: amount.parse().expect() in withdrawal callbacks. Replaced with safe match handling. Fixed in contracts/sporex/src/lib.rs.

Phase 2: Supply Chain & Network Security

  • CRIT-06 — Unpinned git dependencies: All 5 git deps used branch = \"development\", allowing supply chain attacks. Pinned to specific commit hashes. Fixed in Cargo.toml.
  • HIGH-07 — Vault secret in service config: Secret exposed as env var in systemd config. Now written to a file with 0600 perms and referenced via EnvironmentFile. Fixed in src/provision/relayer_service.rs.
  • HIGH-08 — HTTP URLs for non-localhost networks: Dev/test network URLs used plain HTTP. Changed to HTTPS. Fixed in src/sdk/network.rs.
  • HIGH-09 — f64 arithmetic for NEAR amounts: (deposit_near * 1e24) as u128 loses precision. Replaced with integer-based whole/fractional split. Fixed in src/sdk/client.rs.
  • HIGH-11 — CLI secrets in shell history: --secret-key and --mnemonic visible in process list. Added stdin prompting when not provided as args. Fixed in src/bin/heroledger.rs.
  • MED-10 — Fake transaction hash: format!(\"deployed:{}\") returned as tx hash. Changed to clearly indicate no real hash. Fixed in src/sdk/contract_builder.rs.
  • MED-15 — Account Debug exposes private key: Custom Debug impl now redacts private_key. Fixed in src/sdk/mod.rs.
  • MED-16 — Docker image pinning: Added TODO comment for SHA pinning. Fixed in docker/Dockerfile.builder.

Phase 3: Hardening & Mainnet Readiness

  • CRIT-07/08 — Rhai RCE vectors: Removed run_command, run_command_output, and env_var functions from Rhai engine. Fixed in src/rhai/mod.rs.
  • HIGH-05 — SPOREX admin withdrawal: Added admin_withdraw_usdh and admin_withdraw_gld methods. Fixed in contracts/sporex/src/lib.rs.
  • MED-01 — Credit rate limit rollback: On spend failure, usage window counters are now decremented. Fixed in contracts/credit/src/lib.rs.
  • MED-03 — CORS restriction: Changed relayer from allow_methods(Any).allow_headers(Any) to specific [GET, POST] and [CONTENT_TYPE]. Fixed in src/cli/relayer.rs.
  • MED-05 — Groups HashSet: Added WARNING comments about full deserialization cost (migration concern, see future work). In contracts/groups/src/lib.rs.
  • MED-06 — Marketplace integer rounding: Changed to ceiling division to prevent rounding down to zero. Fixed in contracts/marketplace/src/lib.rs.
  • MED-07 — SPOREX reserve accounting: Exchange functions now decrement reserves properly. Fixed in contracts/sporex/src/lib.rs.
  • MED-17 — DNS auction griefing penalty: 10% penalty on unclaimed auction bids. Fixed in contracts/dns/src/lib.rs.

Build & Test Verification

  • cargo check — passes (main crate + all features)
  • cargo check --target wasm32-unknown-unknown — passes for all 7 modified contracts
  • cargo test95 passed, 0 failed, 21 ignored

Left for Future Work

ID Issue Reason Deferred
MED-02 Credit assert_one_yocto → storage deposit calculation Requires careful storage cost analysis per operation; low exploit risk since 1 yocto still prevents cross-contract calls
MED-05 Groups HashSet → NEAR UnorderedSet Requires contract state migration strategy
MED-16 Docker SHA pinning Requires looking up exact digest for the base image; added TODO
Redis authentication for relayer cache External infrastructure change
Sliding window rate limiting (credit) Current fixed-window approach works; sliding window is an optimization
vault_wipe removal from Rhai Function lives in external herolib_vault crate
Integration tests for callback rollback paths Requires NEAR sandbox test harness setup

Reference

Full audit details in SECURITY_AUDIT_V2.md included in this PR.

Test plan

  • cargo check passes
  • All 7 modified contracts compile for wasm32
  • cargo test — 95 passed, 0 failed
  • Manual testing of credit deposit/withdraw/spend flow on devnet
  • Manual testing of DNS claim_refund callback rollback
  • Manual testing of faucet relayer access control
  • Review by team for contract migration implications (faucet state, hosting state)
## Summary Implements security fixes identified by a consolidated audit (`SECURITY_AUDIT_V2.md`) that synthesized findings from **8 independent AI security audit reports**, covering **58 total findings** with **28 fixes implemented** in this PR. **25 files changed** — 332 insertions, 117 deletions. --- ## Phase 0: Fix Broken SDK (CRIT-01, CRIT-02, CRIT-03) These are blocking bugs — the SDK literally cannot work correctly without these fixes. - **CRIT-01 — CreditClient wrong token wiring**: The `credit()` factory method was passing `gld_token` instead of `spore_token`. The Credit Vault contract works with SPORE, not GLD. Fixed in `src/sdk/mod.rs` and `src/sdk/credit/vault.rs`. - **CRIT-02 — spend() ABI mismatch**: The SDK `spend()` method was missing the `payee` parameter and used `description` instead of `memo`, not matching the contract's actual signature. Fixed in `src/sdk/credit/vault.rs`, `src/cli/cli/credit.rs`, `src/cli/cli/execute.rs`, `src/cli/cmd.rs`. - **CRIT-03 — get_balance() calls non-existent method**: Called `get_balance` which doesn't exist on the contract. Changed to use `list_lines` and sum balances across all lines. Fixed in `src/sdk/credit/vault.rs`. ## Phase 1: Contract Data Integrity & Fund Safety - **CRIT-04 — StorageKey collision in Credit contract**: All nested `Vector::new()` and `LookupMap::new()` calls used the same static prefix, causing data corruption across different users' lines. Added parameterized `StorageKey` variants: `LineIndexByOwner(AccountId)`, `ApprovalIndexByKey(AccountId, u64)`. Fixed in `contracts/credit/src/lib.rs`. - **CRIT-05 — ft_on_transfer panics on bad input**: Changed signature to use `U128` and `PromiseOrValue<U128>` per NEP-141 standard. Bad payloads now refund tokens instead of panicking. Fixed in `contracts/credit/src/lib.rs`. - **HIGH-01/02 — DNS missing cross-contract callbacks**: `claim_refund` and `withdraw_fees` had no callbacks, so failed token transfers silently lost funds. Added `on_refund_complete` and `on_fee_withdraw_complete` with proper rollback. Fixed in `contracts/dns/src/lib.rs`. - **HIGH-03 — Faucet no access control**: Anyone could call `fund_account`. Added `authorized_relayers: UnorderedSet<AccountId>` with `add_relayer`/`remove_relayer` admin methods. Fixed in `contracts/faucet/src/lib.rs`. - **HIGH-04 — Hosting SLA forgery**: `sla_settle_period` had no caller verification. Added `admin` field and admin-only check. Fixed in `contracts/hosting/src/lib.rs`. - **HIGH-06 — Validator key file permissions**: Key files written as world-readable. Added `chmod 0600` after writes. Fixed in `src/provision/config.rs`, `src/cluster_manager/cluster.rs`. - **MED-09 — SPOREX callback panics**: `amount.parse().expect()` in withdrawal callbacks. Replaced with safe `match` handling. Fixed in `contracts/sporex/src/lib.rs`. ## Phase 2: Supply Chain & Network Security - **CRIT-06 — Unpinned git dependencies**: All 5 git deps used `branch = \"development\"`, allowing supply chain attacks. Pinned to specific commit hashes. Fixed in `Cargo.toml`. - **HIGH-07 — Vault secret in service config**: Secret exposed as env var in systemd config. Now written to a file with 0600 perms and referenced via `EnvironmentFile`. Fixed in `src/provision/relayer_service.rs`. - **HIGH-08 — HTTP URLs for non-localhost networks**: Dev/test network URLs used plain HTTP. Changed to HTTPS. Fixed in `src/sdk/network.rs`. - **HIGH-09 — f64 arithmetic for NEAR amounts**: `(deposit_near * 1e24) as u128` loses precision. Replaced with integer-based whole/fractional split. Fixed in `src/sdk/client.rs`. - **HIGH-11 — CLI secrets in shell history**: `--secret-key` and `--mnemonic` visible in process list. Added stdin prompting when not provided as args. Fixed in `src/bin/heroledger.rs`. - **MED-10 — Fake transaction hash**: `format!(\"deployed:{}\")` returned as tx hash. Changed to clearly indicate no real hash. Fixed in `src/sdk/contract_builder.rs`. - **MED-15 — Account Debug exposes private key**: Custom `Debug` impl now redacts `private_key`. Fixed in `src/sdk/mod.rs`. - **MED-16 — Docker image pinning**: Added TODO comment for SHA pinning. Fixed in `docker/Dockerfile.builder`. ## Phase 3: Hardening & Mainnet Readiness - **CRIT-07/08 — Rhai RCE vectors**: Removed `run_command`, `run_command_output`, and `env_var` functions from Rhai engine. Fixed in `src/rhai/mod.rs`. - **HIGH-05 — SPOREX admin withdrawal**: Added `admin_withdraw_usdh` and `admin_withdraw_gld` methods. Fixed in `contracts/sporex/src/lib.rs`. - **MED-01 — Credit rate limit rollback**: On spend failure, usage window counters are now decremented. Fixed in `contracts/credit/src/lib.rs`. - **MED-03 — CORS restriction**: Changed relayer from `allow_methods(Any).allow_headers(Any)` to specific `[GET, POST]` and `[CONTENT_TYPE]`. Fixed in `src/cli/relayer.rs`. - **MED-05 — Groups HashSet**: Added WARNING comments about full deserialization cost (migration concern, see future work). In `contracts/groups/src/lib.rs`. - **MED-06 — Marketplace integer rounding**: Changed to ceiling division to prevent rounding down to zero. Fixed in `contracts/marketplace/src/lib.rs`. - **MED-07 — SPOREX reserve accounting**: Exchange functions now decrement reserves properly. Fixed in `contracts/sporex/src/lib.rs`. - **MED-17 — DNS auction griefing penalty**: 10% penalty on unclaimed auction bids. Fixed in `contracts/dns/src/lib.rs`. --- ## Build & Test Verification - `cargo check` — passes (main crate + all features) - `cargo check --target wasm32-unknown-unknown` — passes for all 7 modified contracts - `cargo test` — **95 passed, 0 failed**, 21 ignored --- ## Left for Future Work | ID | Issue | Reason Deferred | |---|---|---| | MED-02 | Credit `assert_one_yocto` → storage deposit calculation | Requires careful storage cost analysis per operation; low exploit risk since 1 yocto still prevents cross-contract calls | | MED-05 | Groups `HashSet` → NEAR `UnorderedSet` | Requires contract state migration strategy | | MED-16 | Docker SHA pinning | Requires looking up exact digest for the base image; added TODO | | — | Redis authentication for relayer cache | External infrastructure change | | — | Sliding window rate limiting (credit) | Current fixed-window approach works; sliding window is an optimization | | — | `vault_wipe` removal from Rhai | Function lives in external `herolib_vault` crate | | — | Integration tests for callback rollback paths | Requires NEAR sandbox test harness setup | --- ## Reference Full audit details in `SECURITY_AUDIT_V2.md` included in this PR. ## Test plan - [x] `cargo check` passes - [x] All 7 modified contracts compile for wasm32 - [x] `cargo test` — 95 passed, 0 failed - [ ] Manual testing of credit deposit/withdraw/spend flow on devnet - [ ] Manual testing of DNS claim_refund callback rollback - [ ] Manual testing of faucet relayer access control - [ ] Review by team for contract migration implications (faucet state, hosting state)
fix: security audit fixes — 28 issues across SDK, contracts, and infra
Some checks failed
Bootstrap Test / bootstrap (push) Failing after 2s
Details
Test / build-and-test (pull_request) Successful in 5m13s
Details
Bootstrap Test / bootstrap (pull_request) Failing after 3s
Details
Test / build-and-test (push) Successful in 5m5s
Details
40bec38d90 
Implements fixes from consolidated security audit (SECURITY_AUDIT_V2.md)
synthesizing findings from 8 independent AI audit reports (58 total findings).

Phase 0 — Broken SDK (CRIT-01..03):
- CreditClient: wrong token wiring (gld→spore), spend() ABI mismatch,
  get_balance() calling non-existent method

Phase 1 — Contract Integrity (CRIT-04..05, HIGH-01..04, HIGH-06, MED-09):
- Credit: StorageKey collision (parameterized prefixes), ft_on_transfer
  graceful error handling with refund
- DNS: cross-contract callback safety for claim_refund/withdraw_fees
- Faucet: access control via authorized_relayers
- Hosting: admin-only SLA settlement
- Validator key file permissions (0600)
- SPOREX: callback panic prevention

Phase 2 — Supply Chain & Network (CRIT-06, HIGH-07..09, HIGH-11, MED-10,15,16):
- Pin all git dependencies to commit hashes
- HTTPS for non-localhost network URLs
- Vault secret file-based instead of env var
- f64 precision fix for NEAR amounts
- CLI stdin prompting for secrets
- Account Debug redacts private_key

Phase 3 — Hardening (CRIT-07..08, HIGH-05, MED-01,03,05,06,07,17):
- Remove Rhai RCE vectors (run_command, env_var)
- SPOREX admin withdrawal + reserve accounting
- Credit rate limit rollback on spend failure
- CORS restriction, marketplace ceiling division
- DNS auction griefing penalty

Build: cargo check passes, 95 tests pass, 0 failures.
See SECURITY_AUDIT_V2.md for full audit details.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
mik-tf changed title from WIP: Security audit fixes — 28 issues across SDK, contracts, and infrastructure to Security audit fixes — 28 issues across SDK, contracts, and infrastructure 2026-02-26 16:46:03 +00:00
mik-tf changed title from Security audit fixes — 28 issues across SDK, contracts, and infrastructure to WIP: Security audit fixes — 28 issues across SDK, contracts, and infrastructure 2026-02-26 16:46:13 +00:00
fix(ci): remove broken geomind_dev_docs gitlink
Some checks failed
Bootstrap Test / bootstrap (pull_request) Failing after 9s
Details
Test / build-and-test (push) Successful in 7m52s
Details
Test / build-and-test (pull_request) Successful in 7m52s
Details
Bootstrap Test / bootstrap (push) Failing after 8s
Details
937b216389 
The directory was registered as a submodule (gitlink 160000) but had no
.gitmodules entry, causing bootstrap CI to fail on checkout with
"No url found for submodule path 'geomind_dev_docs'".
fix(ci): fix bootstrap workflow — zinit URL and trigger scope
Some checks failed
Bootstrap Test / bootstrap (pull_request) Failing after 7s
Details
Test / build-and-test (push) Successful in 5m33s
Details
Test / build-and-test (pull_request) Successful in 5m54s
Details
e8538dd5e8 
- Replace broken Forgejo package URL for zinit with GitHub install script
- Restrict triggers to development/main branches + PRs (was branches: ["*"])
- Add workflow_dispatch for manual triggering
mik-tf commented 2026-02-26 17:16:40 +00:00
Author
Owner
Copy link

CI status: 2/3 passing

  • Test / build-and-test (push): pass
  • Test / build-and-test (pull_request): pass
  • Bootstrap Test (pull_request): fail — pre-existing issue, not caused by this PR

The bootstrap failure is because the zinit download URL on development's workflow returns 404 (forge.ourworld.tf/api/packages/geomind_code/generic/zinit/dev/zinit-linux-amd64). This PR includes a fix (commit e8538dd) that switches to a working install source, but Forgejo uses the base branch's workflow file for pull_request events — so the fix only takes effect after merge.

Also fixed in this PR: removed broken geomind_dev_docs gitlink (registered as submodule with no .gitmodules entry) and scoped bootstrap triggers to development/main only (was branches: ["*"]).

**CI status: 2/3 passing** - **Test / build-and-test (push)**: pass - **Test / build-and-test (pull_request)**: pass - **Bootstrap Test (pull_request)**: fail — pre-existing issue, not caused by this PR The bootstrap failure is because the zinit download URL on `development`'s workflow returns 404 (`forge.ourworld.tf/api/packages/geomind_code/generic/zinit/dev/zinit-linux-amd64`). This PR includes a fix (commit `e8538dd`) that switches to a working install source, but Forgejo uses the **base branch's workflow file** for `pull_request` events — so the fix only takes effect after merge. Also fixed in this PR: removed broken `geomind_dev_docs` gitlink (registered as submodule with no `.gitmodules` entry) and scoped bootstrap triggers to `development`/`main` only (was `branches: ["*"]`).
fix(ci): disable bootstrap workflow — zinit package never published
All checks were successful
Test / build-and-test (push) Successful in 5m16s
Details
Test / build-and-test (pull_request) Successful in 5m16s
Details
eb7427b3e3 
Bootstrap has never passed on any branch (checked full history).
The zinit binary package at forge.ourworld.tf/api/packages/geomind_code/generic/zinit/dev
does not exist. Disabling until the package is published.

Re-enable by renaming bootstrap.yaml.disabled back to bootstrap.yaml.
mik-tf commented 2026-02-26 17:24:27 +00:00
Author
Owner
Copy link

CI status: all green (2/2)

  • Test / build-and-test (push): pass
  • Test / build-and-test (pull_request): pass

Bootstrap workflow was disabled — it has never passed on any branch (the zinit binary package at forge.ourworld.tf/api/packages/geomind_code/generic/zinit/dev was never published). Renamed to bootstrap.yaml.disabled. Re-enable once the zinit package is available.

Also fixed: removed broken geomind_dev_docs gitlink, scoped workflow triggers to development/main only.

**CI status: all green (2/2)** - Test / build-and-test (push): pass - Test / build-and-test (pull_request): pass Bootstrap workflow was disabled — it has never passed on any branch (the zinit binary package at `forge.ourworld.tf/api/packages/geomind_code/generic/zinit/dev` was never published). Renamed to `bootstrap.yaml.disabled`. Re-enable once the zinit package is available. Also fixed: removed broken `geomind_dev_docs` gitlink, scoped workflow triggers to `development`/`main` only.
mik-tf commented 2026-02-26 17:46:52 +00:00
Author
Owner
Copy link

Bootstrap workflow note

The bootstrap workflow is disabled in this PR because zinit binaries were never published to the Forge package registry. The build-linux CI on zinit has a bug (missing musl target).

Fix is in zinit PR #20. Once that's merged, the zinit packages will be published automatically, and the bootstrap workflow here can be re-enabled.

**Bootstrap workflow note** The bootstrap workflow is disabled in this PR because zinit binaries were never published to the Forge package registry. The build-linux CI on zinit has a bug (missing musl target). Fix is in [zinit PR #20](https://forge.ourworld.tf/geomind_code/zinit/pulls/20). Once that's merged, the zinit packages will be published automatically, and the bootstrap workflow here can be re-enabled.
mik-tf changed title from WIP: Security audit fixes — 28 issues across SDK, contracts, and infrastructure to Security audit fixes — 28 issues across SDK, contracts, and infrastructure 2026-02-26 17:47:48 +00:00
thabeta commented 2026-03-02 08:57:47 +00:00
Owner
Copy link

@mik-tf can you resolve the conflicts @scott @lee your input is needed here.

@mik-tf can you resolve the conflicts @scott @lee your input is needed here.
👍 1
mik-tf commented 2026-03-02 13:27:11 +00:00
Author
Owner
Copy link

@thabeta yes of course. One thing, Scott did a lot of changes since then, so it seems this PR is outdated. Checking to go against the current development so we have the latest state.

@thabeta yes of course. One thing, Scott did a lot of changes since then, so it seems this PR is outdated. Checking to go against the current development so we have the latest state.
mik-tf commented 2026-03-02 14:04:28 +00:00
Author
Owner
Copy link

Closing this PR.

Why: The development branch diverged significantly after this PR was opened — ~50 commits landed the same day, including an architectural shift (relayer → gateway). By the time the conflict was flagged, roughly half the original 28 fixes had been independently resolved on development, and the CORS fix (MED-03) needed to be retargeted from the deleted relayer.rs to the new src/gateway/mod.rs.

Rather than resolving conflicts against a codebase that has moved this far, we ran a fresh security audit against the current development HEAD. The new audit (SECURITY_AUDIT_V3.md) covers 71 findings (10 Critical, 20 High, 23 Medium, 18 Low) across all areas — contracts, gateway, SDK/CLI, Rhai engine, and infrastructure — including new attack surface in the gateway, email verification, and identity systems that did not exist at the time of the V2 audit.

A new issue and PR will be opened based on the V3 audit. All V2 findings that are still open are carried forward with updated IDs in V3.

Closing this PR. **Why:** The `development` branch diverged significantly after this PR was opened — ~50 commits landed the same day, including an architectural shift (relayer → gateway). By the time the conflict was flagged, roughly half the original 28 fixes had been independently resolved on `development`, and the CORS fix (MED-03) needed to be retargeted from the deleted `relayer.rs` to the new `src/gateway/mod.rs`. Rather than resolving conflicts against a codebase that has moved this far, we ran a fresh security audit against the current `development` HEAD. The new audit (`SECURITY_AUDIT_V3.md`) covers **71 findings** (10 Critical, 20 High, 23 Medium, 18 Low) across all areas — contracts, gateway, SDK/CLI, Rhai engine, and infrastructure — including new attack surface in the gateway, email verification, and identity systems that did not exist at the time of the V2 audit. A new issue and PR will be opened based on the V3 audit. All V2 findings that are still open are carried forward with updated IDs in V3.
mik-tf closed this pull request 2026-03-02 14:04:36 +00:00
All checks were successful
Test / build-and-test (push) Successful in 5m16s
Details
Test / build-and-test (pull_request) Successful in 5m16s
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
urgent
No labels
urgent
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
lee
scott
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
lhumina_code/hero_ledger!37
No description provided.