fix: critical auth bypass, O(1) state optimization and TTL rent management

[davicf400]

Description

This PR addresses three critical architectural and security vulnerabilities in the RiskTierContract: access control bypass, state bloat (DoS risk), and state archival prevention (TTL management). These fixes ensure the contract is secure, scalable, and ready for Soroban mainnet deployment.

Key Changes & Security Fixes

1. Critical: Auth Bypass in update_chosen_tier

• Vulnerability: The function accepted a user address parameter but lacked authentication validation. A malicious actor could pass another user's address and forcibly downgrade their chosen tier to TIER_3, potentially triggering unfair liquidations in partner protocols.
• Fix: Added user.require_auth(); to ensure the transaction is securely signed by the actual user modifying their tier.
• Tests: Updated the test environment with env.mock_all_auths() to support the new security assertion.

2. High: State Bloat & CPU Budget Exhaustion (O(1) Optimization)

• Vulnerability: The contract was storing users in an unbounded array (Vec<Address>). Iterating over this array with .contains() to prevent duplicates creates an $O(n)$ complexity operation that would inevitably exceed Soroban's CPU/RAM budget as the user base grows, resulting in a permanent DoS.
• Fix: Replaced the Vec with an $O(1)$ dual-mapping approach:
  • A boolean mapping (tier, "is_member", user) to efficiently prevent duplicate entries.
  • A simple u32 counter (tier, "count") to keep get_tier_stats operational and cheap.
• Refactor: Removed get_tier_users as indexing dynamic lists on-chain is a Soroban anti-pattern (indexers/events should handle this off-chain).

3. High: State Archival / Rent Management

• Vulnerability: Persistent storage in Soroban requires TTL extension to prevent state archival. Because risk scores dictate user liquidation risks, allowing these entries to expire would break DeFi composability.
• Fix: Implemented DAY_IN_LEDGERS, BUMP_AMOUNT (30 days), and LIFETIME_THRESHOLD constants. Injected extend_ttl() calls into all state-modifying and state-reading functions to ensure active scores remain alive indefinitely.

4. CI/CD Pipeline Fix

• Fix: Added features = ["testutils"] to dev-dependencies in Cargo.toml so the test suite can properly compile and utilize Address::generate() without being configured out.

Testing

• All 16 tests pass successfully (cargo test).
• The state modifications were verified against test_get_tier_stats to ensure complete backwards compatibility with the existing frontend logic.

[vercel]

@davicf400 is attempting to deploy a commit to the mericcintosun Team on Vercel.

A member of the Team first needs to authorize it.