From 6f323cdd9f2a497011d265c2bf871ed012c6fb7c Mon Sep 17 00:00:00 2001
From: savagechucks
Date: Sat, 28 Mar 2026 19:11:09 +0100
Subject: [PATCH] fix: restrict creation deposit release to the market creator
---
 contracts/predict-iq/src/lib.rs | 3 ++-
 contracts/predict-iq/src/modules/markets.rs | 8 ++++++--
 2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/contracts/predict-iq/src/lib.rs b/contracts/predict-iq/src/lib.rs
index 8ce100d..232c629 100644
--- a/contracts/predict-iq/src/lib.rs
+++ b/contracts/predict-iq/src/lib.rs
@@ -290,8 +290,9 @@ impl PredictIQ {
 pub fn claim_creation_deposit(
 e: Env,
 market_id: u64,
+ caller: Address,
 ) -> Result<(), ErrorCode> {
- crate::modules::markets::claim_creation_deposit(&e, market_id)
+ crate::modules::markets::claim_creation_deposit(&e, market_id, caller)
 }
 
 // Governance and Upgrade Functions
diff --git a/contracts/predict-iq/src/modules/markets.rs b/contracts/predict-iq/src/modules/markets.rs
index 6400798..8b6dd2e 100644
--- a/contracts/predict-iq/src/modules/markets.rs
+++ b/contracts/predict-iq/src/modules/markets.rs
@@ -331,11 +331,15 @@ pub fn set_creation_deposit(e: &Env, amount: i128) -> Result<(), ErrorCode> {
 pub fn claim_creation_deposit(
 e: &Env,
 market_id: u64,
+ caller: soroban_sdk::Address,
 ) -> Result<(), ErrorCode> {
 let mut market = get_market(e, market_id).ok_or(ErrorCode::MarketNotFound)?;
 
- // 1. Only the creator can claim their own deposit
- market.creator.require_auth();
+ // Only the creator can claim their own deposit
+ if caller != market.creator {
+ return Err(ErrorCode::NotAuthorized);
+ }
+ caller.require_auth();
 
 // 2. Market must be fully resolved
 if market.status != MarketStatus::Resolved {
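Review bot: Adding `caller: Address` changes the exported signature of `claim_creation_deposit` in lib.rs, so any client or generated binding that still passes only `market_id` will stop working; the patch touches no other file, so those callers need updating separately. The entry point should document the new argument, for example `/// caller: the market creator; must authorize this call, otherwise ErrorCode::NotAuthorized is returned`. Any existing doc comment sits above the hunk and is not visible here, and the `impl PredictIQ` block extends beyond the hunk on both sides.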
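Review bot: The removed `market.creator.require_auth()` already demanded the stored creator's authorization, so the new `caller != market.creator` check followed by `caller.require_auth()` appears to bind the claim to the same principal; the observable difference is that a mismatch now returns `ErrorCode::NotAuthorized` instead of failing inside the auth check. The comment should say that, and keep its number because the next step is still `// 2. Market must be fully resolved`: `// 1. caller must equal the stored creator; require_auth() then proves the caller authorized this call`. Keep the comparison and `require_auth()` ahead of any state change or transfer later in the function, which continues past the end of the hunk. The diffstat lists only lib.rs and markets.rs, so a test that a non-creator address gets `NotAuthorized`, and that the creator still succeeds, is not part of this patch.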