Audit feedback

[fondation451]

Audit feedback

We have implemented all the relevant feedback

• There was a security issue with redemption hash checking during execute_redemptions. We removed the loop and checked properly the status. We added a test to check the appropriate behavior
• We removed the unnecessary loop in the mint_batch operation
• We changed the redemption, permission manager and token addresses registrations from persistent to instance because it is linked to the contract life cycle.
• We extended the TTL of the persistence of redemption hash in the redemption contract which match our operational needs

[Copilot]

Pull Request Overview

This PR implements security and operational improvements based on audit feedback, focusing on storage durability changes and fixing redemption hash checking.

• Changed permission manager, redemption, and token address registrations from persistent to instance storage durability
• Fixed redemption hash checking logic in execute_redemptions by removing duplicate loop and proper status validation
• Extended TTL for redemption hash persistence to 60 days to match operational needs

Reviewed Changes

Copilot reviewed 43 out of 46 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
contracts/token/src/contract.rs	Changed storage durability from persistent to instance for permission manager and redemption address storage, consolidated mint_batch validation loop
contracts/redemption/src/contract.rs	Changed storage durability to instance, refactored redemption status checking with new helper functions, added 60-day TTL extension
contracts/redemption/src/test.rs	Added test case for duplicate redemption hash validation
Multiple test snapshot files	Updated test snapshots reflecting storage durability changes from persistent to instance
address/dev.json	Updated contract addresses for development environment

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}