Security Checklist

ReliefMesh security audit — Level 6

Overall Security Score: 100% (23/23 security checks passed)

✅ All Systems Secure

Smart Contract Security: 8/8

Reentrancy protection implemented

relief-pool/src/lib.rs — state updated before transfer

Integer overflow guarded by i128 (128-bit) amounts

All amount fields typed as i128 in all contracts

Admin-only functions call require_auth()

admin.require_auth() on all privileged functions

Events emitted for all state changes

env.events().publish() on every mutation

Initialize can only run once

Panics if DataKey::Initialized already set

USDC token transfer validated

Balance checked before transfer in relief-pool

Daily limits enforced for shopkeepers

check_daily_limit() in shopkeeper-registry/src/lib.rs

Double-spend prevention for victims

victim-registry tracks aid_available balance

Frontend Security: 6/6

Private keys never stored anywhere

Only publicKey stored in WalletContext + localStorage

All API calls use HTTPS

horizon-testnet.stellar.org and soroban-testnet both use HTTPS

Contract IDs in environment variables only

NEXT_PUBLIC_* vars in .env.local, not hardcoded

XSS protection via React JSX escaping

All user data rendered via JSX, no dangerouslySetInnerHTML

Wallet permission scoped to public key only

Freighter only grants getPublicKey() access

SSE errors handled gracefully

source.onerror silently disposes in stellar.ts

Operational Security: 4/4

GitHub secrets configured for CI/CD

VERCEL_TOKEN, ORG_ID, PROJECT_ID in repo secrets

CI/CD only deploys from main branch

github.ref check in deploy.yml

No hardcoded credentials in codebase

git grep for API keys returns zero results

All dependencies pinned to specific versions

package-lock.json committed to repository

User Protection: 5/5

ZK identity — no PII stored on chain

Only SHA-256 hashes stored in victim-registry

Victim identity verified without revealing data

verify_victim() compares hashes only

Clawback prevents corruption instantly

clawback-controller can seize USDC on-chain

Shopkeeper daily limits prevent excess

Max daily cashout enforced per shopkeeper

Dispute flagging system active

flag_shopkeeper() tracked with dispute_count