fix(#806): guard withdrawnAmount/depositedAmount mutations behind ide…#982
Open
BernardOnuh wants to merge 1 commit into
Open
fix(#806): guard withdrawnAmount/depositedAmount mutations behind ide…#982BernardOnuh wants to merge 1 commit into
BernardOnuh wants to merge 1 commit into
Conversation
…ehind idempotency check Adds replay tests for handleTokensWithdrawn and handleStreamToppedUp, and fixes a bug where the duplicate-event check ran after the Stream mutation instead of before it — a replayed tokens_withdrawn event would double-count withdrawnAmount. Closes LabsCrypt#806
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Fixes a real idempotency bug in the Soroban event worker:
handleTokensWithdrawnandhandleStreamToppedUpchecked for a duplicateStreamEventafter already mutating theStreamrow. That meant the duplicate check only protected the audit log, not the actual financial fields — a replayedtokens_withdrawnevent would double-countwithdrawnAmount.Type of Change
Related Issues
Closes #806
Changes Made
handleTokensWithdrawn: moved thestreamEvent.findUniqueduplicate check to the top of the transaction and return early before accumulatingwithdrawnAmount, so a replayed event can no longer double-increment it.handleStreamToppedUp: same fix applied for consistency — duplicate check now guards thedepositedAmount/endTimemutation, not just theStreamEventupsert.soroban-event-worker.test.ts:handleTokensWithdrawnprocessed twice with the sametxHash— assertswithdrawnAmountchanges exactly oncehandleStreamToppedUpreplayed with the sametxHash— assertsdepositedAmount/endTimeare applied once and not re-applied on replayTesting
Test Coverage
Test Steps
cd backend && npx vitest run tests/soroban-event-worker.test.tsEvent processing idempotencysuite passBreaking Changes
None.
Checklist
Additional Notes
Scope limited to
backend/tests/soroban-event-worker.test.tsandbackend/src/workers/soroban-event-worker.tsper the issue's "Files to touch." Broadcast (sseService.broadcastToStream) behavior on replay was left unchanged, since it wasn't part of the acceptance criteria — worth a follow-up issue if duplicate SSE events to clients become a concern.