Full-codebase-audit 2026-05-30 outputs: - Audit report: 09 - Audits/Full Codebase Audit - 2026-05-30.md - 81 issue files ISSUE-055..135 (decisions + 1 skipped no-brainer). - Scanner docs from scratch (was zero): architecture, data model, API ref, payment flow, operations runbook + repo README. - Doc-sync updates across API reference, data models, flows, design system. - Secret Rotation Runbook (08 - Operations) for the exposed credentials. - Reusable workflow guide (07 - Development) + .claude/workflows/full-codebase-audit.js. Issues remain status:open intentionally — the code fixes are uncommitted-then-committed working-tree changes per repo and aren't "resolved" until merged/deployed. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.2 KiB
1.2 KiB
issue, title, severity, domain, labels, status, created, source
| issue | title | severity | domain | labels | status | created | source | |||
|---|---|---|---|---|---|---|---|---|---|---|
| 078 | Scanner: idempotency path ignores mismatched parameters — silent collision | high | Scanner |
|
open | 2026-05-30 | Full Codebase Audit 2026-05-30 |
Scanner: idempotency path ignores mismatched parameters — silent collision
Severity: high Domain: Scanner Labels: bug, scanner, idempotency
Description
scanner/api.go:191 returns the existing intent when an intentId collision is detected, but does not compare the stored parameters to the incoming request. If a caller reuses an intentId with different amount, tokenAddress, or callbackUrl, the scanner silently returns the old intent and monitors the wrong payment parameters.
Options
- Return
409 Conflictif stored params differ from request. - Return existing intent only if params match; else error.
- Treat any reuse as conflict regardless of params.
Recommendation
Compare stored vs incoming params and return 409 Conflict on mismatch (return existing only on exact match). Changes API contract.
Affected Files
scanner/api.go:191
References
- Full Codebase Audit 2026-05-30 — DEC-62