Negative test: unauthorized settle or withdraw

[greatest0fallt1me]

Description

If settle/withdraw requires auth in final design, add tests ensuring wrong signer cannot drain.

Requirements and context

• Align with token integration.
• Use granular auth testing patterns.

Suggested execution

• Fork the repository and create a branch (example below).
• Implement the changes in the StreamPay-Contracts Soroban crate (streampay-contracts).
• Keep the contract secure, tested, and documented; prefer small, reviewable diffs.

git checkout -b test/unauthorized-settle-withdraw

Implementation targets

• src/lib.rs tests without mock_all_auths where applicable.

Tests and validation

• Document Soroban auth testing pattern.

• Run cargo test in StreamPay-Contracts.

• Cover edge cases; capture test output and short security notes in the PR description.

Guidelines

• Target minimum 95% test coverage for touched contract code (or justify gaps explicitly).
• Clear documentation (rustdoc / project docs as specified).
• Timeframe: 96 hours from assignment.

Example commit message

test(contracts): unauthorized payout attempts fail

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[icodeBisola]

@icodeBisola has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

I would like to contribute to this issue, I have ETC of 2-3 hours and I am the best candidate to resolve this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @icodeBisola to this issue.

[drips-wave]

Congratulations, @icodeBisola! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @icodeBisola: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊