Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0
Why this matters
transfer in remittance_nft/src/lib.rs copies Metadata, ScoreHistory, DefaultCount, and Seized to the destination but a seized borrower can still call transfer (only from.require_auth() and not-paused are required; is_seized is never checked). The seized borrower can offload the NFT, and conversely the score/seized flags are not tied to outstanding loans in loan_manager, so transfer can move credit standing in ways the lending logic does not expect.
Acceptance criteria
Files to touch
- remittance_nft/src/lib.rs
- loan_manager/src/lib.rs
Out of scope
- Making the NFT non-transferable entirely (unless chosen as the fix)
- Cross-contract active-loan registry redesign
Why this matters
transfer in remittance_nft/src/lib.rs copies Metadata, ScoreHistory, DefaultCount, and Seized to the destination but a seized borrower can still call transfer (only from.require_auth() and not-paused are required; is_seized is never checked). The seized borrower can offload the NFT, and conversely the score/seized flags are not tied to outstanding loans in loan_manager, so transfer can move credit standing in ways the lending logic does not expect.
Acceptance criteria
Files to touch
Out of scope