🟠 HIGH: test-contract.cjs uses PostConditionMode.Allow on mainnet transactions

## Description

The deployment test script `scripts/test-contract.cjs` broadcasts transactions to mainnet with `postConditionMode: PostConditionMode.Allow`. This disables Stacks post-condition enforcement, meaning the contract could transfer more STX than the sender intended without the transaction being rejected by the chain.

The frontend correctly uses `PostConditionMode.Deny` everywhere, but this script creates a dangerous precedent and could be copied by contributors.

## Files Affected

- `scripts/test-contract.cjs` (line ~65)

## Current Behavior

```js
postConditionMode: PostConditionMode.Allow,
```

## Expected Behavior

```js
postConditionMode: PostConditionMode.Deny,
postConditions: [
    Pc.principal(senderAddress).willSendLte(amount).ustx(),
],
```

## Proposed Fix

1. Change mode to `PostConditionMode.Deny`
2. Add explicit STX post-conditions matching the expected transfer2. Add explicit Sco2. Add explicit STX post-conditions matching the expected ttion scripts

## Severity

**High** -- Weakens transaction safety on mainnet

## Labels

`security`, `bug`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

🟠 HIGH: test-contract.cjs uses PostConditionMode.Allow on mainnet transactions #223

Description

Files Affected

Current Behavior

Expected Behavior

Proposed Fix

Severity

Labels

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

🟠 HIGH: test-contract.cjs uses PostConditionMode.Allow on mainnet transactions #223

Description

Description

Files Affected

Current Behavior

Expected Behavior

Proposed Fix

Severity

Labels

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions