No settlement idempotency — duplicate payments possible

[adambalogh]

Description

There is no deduplication mechanism for settlement operations. If settle() is called twice for the same payment (e.g., due to a retry, network timeout, or client bug), it can result in duplicate on-chain transactions.

Impact

• Double-spending: the same payment payload can be settled multiple times
• Financial loss for the facilitator or payer depending on the scheme
• No way to detect or recover from duplicate settlements after the fact

Fix

1. Implement idempotency keys — derive a unique key from the payment payload (e.g., hash of payer + nonce + amount + recipient)
2. Track settlement status in Redis or a persistent store before submitting the on-chain transaction
3. Check for existing settlement before executing a new one
4. Return the existing settlement result for duplicate requests
5. Add a TTL-based cleanup for completed settlement records