Vault: fix set_authorized_caller to authenticate the calling owner, not just require its signature implicitly

[greatest0fallt1me]

Description

CalloraVault::set_authorized_caller reads meta.owner and calls meta.owner.require_auth() but takes no caller parameter and performs no caller == owner check, diverging from every other privileged function which takes an explicit caller. This inconsistent pattern makes auditing harder and the API surface inconsistent. Align it with the rest of the contract.

Requirements and Context

• Add an explicit caller: Address parameter, caller.require_auth(), and assert caller == meta.owner.
• Keep emitting set_authorized_caller with (old, new) data.
• Validate new_caller is not the vault address (consistent with init).
• Must be secure, tested, and documented
• Should be efficient and easy to review

Suggested Execution

1. Fork the repo and create a branch

   git checkout -b bug/vault-set-authorized-caller-auth

2. Implement changes
   • contracts/vault/src/lib.rs — explicit caller + self-address guard
   • docs/interfaces/vault.json — update signature
3. Test and commit
   • cargo test -p callora-vault
   • Test non-owner caller reverts; self-address rejected
   • Include test output and notes in the PR

Example commit message

fix: require explicit owner caller in set_authorized_caller

Acceptance Criteria

• Explicit caller parameter with owner check
• Self-address new_caller rejected
• Event payload unchanged
• Tests cover unauthorized and self-address cases

Guidelines

• .rs under contracts/vault/src/, cargo test, /// docs, minimum 95% line coverage, no unwrap() in prod paths
• Clear documentation and inline comments
• Timeframe: 96 hours

[ayomidearegbeshola29-dev]

@ayomidearegbeshola29-dev has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I WILL LIKE TO WORK ON THIS PLS

ℹ️ Repo Maintainers: To accept this application, review their application or assign @ayomidearegbeshola29-dev to this issue.

[drips-wave]

Congratulations, @ayomidearegbeshola29-dev! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @ayomidearegbeshola29-dev: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @ayomidearegbeshola29-dev as part of the Stellar Wave Program's 5th Wave 🥳

😎 @ayomidearegbeshola29-dev: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.