Build invoice payment replay protection

[Kingsman-99]

Label: complexity: high
Points: 200

Description

Without comprehensive replay protection, signed payment transactions could be resubmitted. This issue adds a global transaction ID registry — every state-changing function accepts an optional tx_id: BytesN<32> that is stored on-chain after first use, rejecting any duplicate submission.

Technical Context

Involves lib.rs. Store used transaction IDs in persistent key ("txid", tx_id) as bool. Add check_and_mark_txid(env, tx_id: Option<BytesN<32>>) helper called at the start of pay(), release(), refund(). If tx_id already exists in storage, panic with "duplicate transaction".

Acceptance Criteria

• pay(), release(), refund() accept optional tx_id parameter
• First use of a tx_id succeeds and marks it as used
• Second use of same tx_id panics with "duplicate transaction"
• tx_id = None skips replay check (backward compatible)
• Test submits same tx_id twice and verifies second call panics
• All existing cargo tests pass
• cargo clippy passes with zero warnings

---

[samsolo247]

Hi Maintainer,

I’m a smart contract and full-stack developer and would love to contribute to this issue. I’m an experienced contributor with hands-on expertise in Rust, Soroban, Cairo, and TypeScript.

I’m passionate about building secure, scalable blockchain solutions, with a strong emphasis on writing clean and maintainable code. Based on the scope of this issue, I’m confident I can deliver a complete solution within 24 hours of assignment.

I’d greatly appreciate the opportunity to contribute and help move this forward.

[fathiaoyinloye]

Hi, I’m a Software Engineer with experience building and maintaining software applications. I’m interested in contributing to this project.

[Menjay7]

Hi! I came across this issue and would love to work on it. I have experience with similar tasks and I'm confident I can investigate, implement a clean solution, and thoroughly test it before submitting a PR. If the issue is still open, I would appreciate it if you could assign it to me. Thank you!

[angelyem33-hub]

@angelyem33-hub has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

i will like to work on this issue please

ℹ️ Repo Maintainers: To accept this application, review their application or assign @angelyem33-hub to this issue.

[drips-wave]

Congratulations, @angelyem33-hub! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @angelyem33-hub: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊