---
issue: 088
title: "Frontend: adminWalletPayout falls back to literal 'admin' adminUserId"
severity: medium
domain: Payment
labels: [bug, frontend, authorization]
status: open
created: 2026-05-30
source: Full Codebase Audit 2026-05-30
---

# Frontend: adminWalletPayout falls back to literal 'admin' adminUserId

**Severity:** medium
**Domain:** Payment
**Labels:** bug, frontend, authorization

## Description

`src/actions/payment.ts:663` sends `adminUserId: adminUserId || 'admin'`. When the admin user ID is not available (e.g. context not loaded), the string literal `'admin'` is sent to the backend. This may match a user record named 'admin' unintentionally or corrupt audit trails.

## Options

1. Require `adminUserId` and throw/abort if absent (no fallback).
2. Source `adminUserId` from the authenticated admin context automatically.
3. Keep a fallback but use the real admin id from token rather than the string `'admin'`.

## Recommendation

Remove the `'admin'` literal and require a real admin id from the auth context; abort if unavailable. This affects audit/authorization semantics.

## Affected Files

- `frontend/src/actions/payment.ts:663`

## References

- [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-17
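
The recommendation above, sketched as an added TypeScript example (not code from the audited repository): the flagged fallback next to a variant that resolves the id from the auth context and aborts when it is absent. `AuthContext`, `PayoutRequest`, the helper names and the sample ids are assumptions; only `adminUserId` and the `'admin'` fallback come from the issue.

```typescript
// Added example. AuthContext, PayoutRequest and all helper names are
// hypothetical; only adminUserId and the 'admin' fallback come from the issue.
interface AuthContext {
  userId?: string | null; // assumed: id of the signed-in admin, unset until loaded
}

interface PayoutRequest {
  walletId: string;
  amountCents: number;
  adminUserId: string;
}

// Before: the pattern flagged in the issue. A missing id silently becomes 'admin'.
function buildPayoutWithFallback(
  walletId: string, amountCents: number, adminUserId?: string | null,
): PayoutRequest {
  return { walletId, amountCents, adminUserId: adminUserId || 'admin' };
}

// After: the id comes only from the auth context; absence aborts the action.
function requireAdminUserId(ctx: AuthContext | null | undefined): string {
  const raw = ctx ? ctx.userId : undefined;
  const id = typeof raw === 'string' ? raw.trim() : '';
  if (id === '') {
    throw new Error('adminWalletPayout aborted: admin identity not loaded');
  }
  return id;
}

function buildPayoutStrict(
  walletId: string, amountCents: number, ctx: AuthContext | null | undefined,
): PayoutRequest {
  // Resolve identity first so no request object exists without a real actor.
  const adminUserId = requireAdminUserId(ctx);
  return { walletId, amountCents, adminUserId };
}

// Returns the attributed actor, or the abort message when the payout is refused.
// The wallet id and amount are constructed sample values.
function attemptStrict(ctx: AuthContext | null | undefined): string {
  try {
    return buildPayoutStrict('w_constructed_1', 2500, ctx).adminUserId;
  } catch (err) {
    return 'ABORTED: ' + (err as Error).message;
  }
}
```

A frontend guard like this only stops the placeholder from being sent by accident; the backend should still compare the submitted `adminUserId` with the identity in the session token before recording it in the audit trail.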