
Vault: enforce request_id idempotency in deduct to prevent double-metering #350

@greatest0fallt1me

Description

CalloraVault::deduct accepts an optional request_id: Symbol and emits it in events, but never persists or checks it, so a backend retry with the same request_id double-charges the consumer. Add a persistent processed-request set so a repeated request_id is rejected, giving safe at-least-once retry semantics.

Requirements and Context

  • Add StorageKey::ProcessedRequest(Symbol) persistent marker set on each successful deduct.
  • Reject deducts whose request_id was already processed (only when request_id is Some).
  • Extend the marker's TTL and document retention; clarify behavior when request_id is None.
  • Must be secure, tested, and documented
  • Should be efficient and easy to review

Suggested Execution

  1. Fork the repo and create a branch
    git checkout -b feature/vault-request-id-idempotency
  2. Implement changes
    • contracts/vault/src/lib.rs — processed-request storage + guard
    • contracts/vault/STORAGE.md — document retention/TTL
  3. Test and commit
    • cargo test -p callora-vault
    • Test duplicate request_id rejected, distinct ids succeed, None unaffected
    • Include test output and notes in the PR
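To make the guard concrete, here is an added, SDK-free Rust model of the intended deduct logic (not code from the Callora vault or the Soroban SDK); `Vault`, `VaultError`, `deposit`, `balance` and `MARKER_TTL_LEDGERS` are assumptions standing in for the contract's real types and storage:

```rust
use std::collections::HashMap;

/// Errors a deduct can return in this model.
#[derive(Debug, PartialEq)]
pub enum VaultError {
    InsufficientBalance,
    DuplicateRequest,
}

/// Assumption for the model: how many ledgers a processed-request marker stays alive.
pub const MARKER_TTL_LEDGERS: u32 = 17_280;
/// SDK-free stand-in for vault storage: `processed` plays the role of
/// StorageKey::ProcessedRequest(id), mapping each id to the ledger at which its marker expires.
#[derive(Default)]
pub struct Vault {
    balances: HashMap<String, i128>,
    processed: HashMap<String, u32>,
    pub ledger_seq: u32,
}
impl Vault {
    pub fn deposit(&mut self, consumer: &str, amount: i128) {
        *self.balances.entry(consumer.to_string()).or_default() += amount;
    }
    pub fn balance(&self, consumer: &str) -> i128 {
        self.balances.get(consumer).copied().unwrap_or(0)
    }

    /// Deducts `amount`; a `request_id` seen before (and not yet expired) is rejected
    /// before any state changes, so a backend retry cannot double-charge the consumer.
    pub fn deduct(&mut self, consumer: &str, amount: i128, request_id: Option<&str>) -> Result<i128, VaultError> {
        if let Some(id) = request_id {
            // An expired marker counts as absent, matching archived persistent entries.
            if self.processed.get(id).map_or(false, |&exp| exp >= self.ledger_seq) {
                return Err(VaultError::DuplicateRequest);
            }
        }
        let bal = self.balances.get_mut(consumer).ok_or(VaultError::InsufficientBalance)?;
        if *bal < amount {
            return Err(VaultError::InsufficientBalance);
        }
        *bal -= amount;
        // Mark only on success: a deduct that failed (e.g. insufficient funds) may be retried.
        if let Some(id) = request_id {
            self.processed.insert(id.to_string(), self.ledger_seq + MARKER_TTL_LEDGERS);
        }
        Ok(*bal)
    }
}
```

A `None` request_id skips the guard entirely, so callers that want retry safety must supply an id.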

Example commit message

feat: enforce request_id idempotency in vault deduct

Acceptance Criteria

  • Duplicate Some(request_id) deduct rejected
  • Distinct ids and None behave correctly
  • Marker TTL extended and retention documented
  • Tests cover retry semantics

Guidelines

  • .rs under contracts/vault/src/, cargo test, /// docs, minimum 95% line coverage, no unwrap() in prod paths
  • Clear documentation and inline comments
  • Timeframe: 96 hours

Labels

  • Stellar Wave: Issues in the Stellar wave program
  • enhancement: New feature or improvement
  • security: Security hardening
  • smart-contract: Soroban smart-contract work
  • soroban: Soroban SDK / Stellar
