Audit and test require_auth coverage across all privileged entrypoints #22

@mikewheeleer

Harden and verify authorization on every state-changing entrypoint

Description

Authorization in contracts/escrow/src/lib.rs is hand-rolled per entrypoint (admin.require_auth() after a storage read). The test suite uses env.mock_all_auths(), which means no test ever proves that a missing or wrong authorization actually fails. This issue audits each privileged entrypoint and adds negative authorization tests using scoped auth mocking.

Requirements and context

  • Repository scope: Agentpay-Org/Agentpay-contracts only.
  • Enumerate every entrypoint that mutates state (set_service_price, register_service, pause, propose_admin_transfer, set_agent_allowed, set_service_disabled, set_service_metadata, migrate_v1_to_v2, settle, etc.) and confirm each calls require_auth on the correct principal before any write.
  • Add tests using env.mock_auths(&[...]) (scoped) to assert that an unauthorized caller is rejected, rather than blanket mock_all_auths.
  • Where an entrypoint reads admin then auths, confirm ordering cannot leak a partial write on auth failure.
  • Document the authorization model in a docs/escrow/security.md section.

Suggested execution

  • Fork the repo and create a branch
  • git checkout -b security/contracts-22-auth-audit
  • Implement changes
    • Write code in: contracts/escrow/src/lib.rs — fix any entrypoint missing or mis-ordering require_auth.
    • Write comprehensive tests in: contracts/escrow/src/test.rs — scoped-auth negative tests per entrypoint.
    • Add documentation: add docs/escrow/security.md with the auth matrix.
    • Include NatSpec-style doc comments (///) matching the existing style in lib.rs.
    • Validate security: prove no privileged write succeeds without the correct signer.
  • Test and commit

Test and commit

  • Run cargo fmt --all -- --check, cargo build, and cargo test.
  • Cover edge cases: wrong signer, no signer, correct signer, and auth on the two-step handover principals.
  • Include the full cargo test output and a short security notes section in the PR description.
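The scoped-auth negative test and the check-before-write ordering the issue asks for, modelled in plain Rust as an added example (not the repository's code and not the soroban_sdk API; Env, the entrypoint bodies and the addresses are stand-ins constructed here):

```rust
use std::collections::{HashMap, HashSet};

/// Stand-in for a contract environment (constructed for this example, not the
/// soroban_sdk Env): key/value storage plus the auth entries a test has granted.
#[derive(Default)]
pub struct Env {
    pub storage: HashMap<String, String>,
    auths: HashSet<(String, String)>, // (principal, fn_name) pairs allowed through require_auth
    all_auths: bool,
}

#[derive(Debug, PartialEq)]
pub struct Unauthorized(pub String);

impl Env {
    /// Blanket mock: every require_auth passes, so no test can prove a rejection.
    pub fn mock_all_auths(&mut self) { self.all_auths = true; }
    /// Scoped mock: only the listed (principal, entrypoint) pairs are authorized.
    pub fn mock_auths(&mut self, scoped: &[(&str, &str)]) {
        self.all_auths = false;
        self.auths = scoped.iter().map(|(p, f)| (p.to_string(), f.to_string())).collect();
    }
    fn require_auth(&self, principal: &str, fn_name: &str) -> Result<(), Unauthorized> {
        if self.all_auths || self.auths.contains(&(principal.to_string(), fn_name.to_string())) {
            return Ok(());
        }
        Err(Unauthorized(principal.to_string()))
    }
}

/// Hardened shape: read the admin, require its auth, and only then write.
pub fn set_service_price(env: &mut Env, service: &str, price: u64) -> Result<(), Unauthorized> {
    let admin = env.storage.get("admin").cloned().unwrap_or_default();
    env.require_auth(&admin, "set_service_price")?; // check before any write
    env.storage.insert(format!("price:{service}"), price.to_string());
    Ok(())
}

/// Mis-ordered shape the audit must catch: the write lands before the auth check.
pub fn set_service_price_write_first(env: &mut Env, service: &str, price: u64) -> Result<(), Unauthorized> {
    env.storage.insert(format!("price:{service}"), price.to_string());
    let admin = env.storage.get("admin").cloned().unwrap_or_default();
    env.require_auth(&admin, "set_service_price")
}

/// Negative test pattern: with only a wrong signer authorized, the call must be
/// rejected AND storage must be untouched. Returns (rejected, storage_unchanged).
pub fn reject_check(entry: fn(&mut Env, &str, u64) -> Result<(), Unauthorized>) -> (bool, bool) {
    let mut env = Env::default();
    env.storage.insert("admin".into(), "admin_addr".into()); // constructed sample admin
    env.mock_auths(&[("mallory_addr", "set_service_price")]); // wrong signer only
    let rejected = entry(&mut env, "svc-1", 42).is_err();
    (rejected, !env.storage.contains_key("price:svc-1"))
}
```

Under mock_all_auths both shapes pass, which is exactly why the blanket mock proves nothing; the scoped run distinguishes them.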

Example commit message

security: audit and test require_auth coverage on privileged entrypoints

Guidelines

  • Minimum 95 percent test coverage for impacted modules.
  • Clear, reviewer-focused documentation.
  • Timeframe: 96 hours.

Community & contribution rewards

  • 💬 Join the AgentPay community on Discord for questions, reviews, and faster merges: https://discord.gg/eXvRKkgcv
  • ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
