Add overflow protection and fuzz tests for claimable amount calculation

[ogazboiz]

Join our community: https://t.me/+DOylgFv1jyJlNzM0

Description

get_claimable_amount() multiplies rate_per_second * elapsed_seconds in i128. For high-rate or long-duration streams this can overflow, returning an incorrect or negative value. No invariant fuzz tests exist.

What Needs to Happen

• Replace raw multiplication with checked_mul in the contract
• Cap at deposited_amount - withdrawn_amount on overflow
• Apply same protection to claimable.service.ts (BigInt)
• Add fuzz tests: withdrawn <= deposited, claimable <= remaining, cancel_refund + withdrawn <= deposited
• 10,000+ iterations with random amounts, durations, pause sequences

Files

• contracts/stream_contract/src/lib.rs
• backend/src/services/claimable.service.ts

Acceptance Criteria

• No panic for any valid i128 input
• Fuzz test runs 10,000+ iterations without violation
• Both contract and service protected

[Danitello123]

@Danitello123 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

I’m a smart contract and full-stack developer who turns complex ideas into secure, production-ready blockchain code.
With strong skills in Rust and Solidity, I build systems that are fast, safe, and built to last.
My experience with the Stellar SDK lets me ship real-world Web3 solutions that actually move value

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Danitello123 to this issue.

[Daveside9]

@Daveside9 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

give me the opportunity to fix this.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Daveside9 to this issue.

[brite-side0]

@brite-side0 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

hello dear maintainer,
i would love to work along side you sir on this task

ℹ️ Repo Maintainers: To accept this application, review their application or assign @brite-side0 to this issue.

[victor-olamide]

@victor-olamide has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

Hello Maintainer, I can work on this issue.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @victor-olamide to this issue.

[drips-wave]

Congratulations, @victor-olamide! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @victor-olamide: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊