--- issue: 015 title: "Simulated transaction SIM_ bypass has no environment guard — can fire in production on wallet connection failure" severity: critical domain: Payment status: resolved resolved: 2026-05-29 fix: "Backend: wrapped SIM_ bypass in both paymentRoutes.ts and marketplace/routes.ts with process.env.NODE_ENV !== 'production' guard. Frontend: web3-provider.tsx and web3-payment.tsx now throw in production instead of silently returning a fake SIM_ hash." labels: [security, bug, critical, payment, frontend, bypass] status: open created: 2026-05-29 source: Doc vs Code Audit 2026-05-29 --- # 🔴 Simulated transaction SIM_ bypass has no environment guard — can fire in production on wallet connection failure **Severity:** critical **Domain:** Payment **Labels:** security, bug, critical, payment, frontend, bypass ## Description src/web3/context/web3-provider.tsx lines 225 and 232 generate SIM_ prefixed transaction hashes when wallet connection fails. The backend skips on-chain verification for any paymentHash starting with 'SIM_' — controlled only by hash prefix, not an environment flag. The frontend generates SIM_ hashes in an error fallback path that can trigger in production. ## Current Behavior In production, if a wallet connection times out or throws, the fallback generates a SIM_ hash that passes backend verification and creates a completed payment record without any real on-chain transaction. ## Expected Behavior SIM_ hash generation should be guarded by process.env.NODE_ENV !== 'production' check. Backend SIM_ bypass should also be gated by NODE_ENV. ## Reproduction Steps Simulate a wallet connection failure in staging — observe that a SIM_ hash is generated and check if a completed payment record is created in the database. ## Affected Files - `frontend/src/web3/context/web3-provider.tsx` ## References - [Doc vs Code Audit Report](../09%20-%20Audits/Doc%20vs%20Code%20Audit%20Report%20-%202026-05-29.md)