--- issue: 078 title: "Scanner: idempotency path ignores mismatched parameters — silent collision" severity: high domain: Scanner labels: [bug, scanner, idempotency] status: open created: 2026-05-30 source: Full Codebase Audit 2026-05-30 --- # Scanner: idempotency path ignores mismatched parameters — silent collision **Severity:** high **Domain:** Scanner **Labels:** bug, scanner, idempotency ## Description `scanner/api.go:191` returns the existing intent when an `intentId` collision is detected, but does not compare the stored parameters to the incoming request. If a caller reuses an `intentId` with different `amount`, `tokenAddress`, or `callbackUrl`, the scanner silently returns the old intent and monitors the wrong payment parameters. ## Options 1. Return `409 Conflict` if stored params differ from request. 2. Return existing intent only if params match; else error. 3. Treat any reuse as conflict regardless of params. ## Recommendation Compare stored vs incoming params and return `409 Conflict` on mismatch (return existing only on exact match). Changes API contract. ## Affected Files - `scanner/api.go:191` ## References - [Full Codebase Audit 2026-05-30](../09%20-%20Audits/Full%20Codebase%20Audit%20-%202026-05-30.md) — DEC-62