[PR #36] Open receive() accumulates BNB silently; rescue() uses transfer() which reverts against multisig #117

@obchain

Description

PR: #36 feat(contracts): Foundry workspace + CharonLiquidator skeleton

Problem — two related issues in the same function pair:

  1. receive() external payable {} at line 254 accepts any amount of native BNB from any sender with no event emission. No way for off-chain monitoring to detect accidental BNB accumulation or attacker front-running a flash-loan repayment by sending dust.

  2. rescue() at line 235 uses payable(to).transfer(amount) to send native BNB. transfer() forwards exactly 2300 gas. Any recipient that is a multisig (e.g., Gnosis Safe) or contract with non-trivial fallback runs out of gas and reverts, permanently locking BNB.

Impact:

  • Silent BNB accumulation creates unmonitored attack surface.
  • If owner rotated to multisig cold wallet (recommended ops-sec posture), rescue() becomes permanently bricked for native BNB with no recovery path.

Fix: In receive(), emit event:

```solidity
event BNBReceived(address indexed sender, uint256 amount);

receive() external payable {
    emit BNBReceived(msg.sender, msg.value);
}
```

In rescue(), replace transfer with low-level call + return check:

```solidity
(bool ok, ) = payable(to).call{value: amount}("");
require(ok, "rescue: BNB transfer failed");
```
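The following Foundry test is an added illustration, not code from the PR or from the CharonLiquidator contract. It uses a hypothetical `RescueVault` that carries both the flagged `transfer()` pattern and the suggested `call` pattern side by side, and a hypothetical `GasHungryRecipient` whose `receive()` performs an SSTORE, standing in for a multisig whose fallback needs more than the 2300-gas stipend. The tests show the `transfer()` path reverting and stranding the balance, the `call` path succeeding against the same recipient, and the `BNBReceived` event firing on inbound BNB so that off-chain monitoring has something to index.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

import {Test} from "forge-std/Test.sol";

/// Hypothetical stand-in for a multisig or any contract recipient whose
/// receive() does real work. The SSTORE below costs far more than the
/// 2300 gas that transfer()/send() forward, so those paths revert.
contract GasHungryRecipient {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: exceeds the 2300-gas stipend
    }
}

/// Hypothetical vault holding both patterns for comparison.
contract RescueVault {
    event BNBReceived(address indexed sender, uint256 amount);

    address public owner;

    constructor() {
        owner = msg.sender;
    }

    // Inbound BNB is logged so accumulation is observable off-chain.
    receive() external payable {
        emit BNBReceived(msg.sender, msg.value);
    }

    // Pattern flagged in the issue: fixed 2300-gas stipend.
    function rescueWithTransfer(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        payable(to).transfer(amount);
    }

    // Suggested fix: forward all remaining gas and check the return value.
    function rescueWithCall(address to, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        (bool ok, ) = payable(to).call{value: amount}("");
        require(ok, "rescue: BNB transfer failed");
    }
}

contract RescueTest is Test {
    // Redeclared locally so vm.expectEmit can match against it.
    event BNBReceived(address indexed sender, uint256 amount);

    RescueVault vault;
    GasHungryRecipient safe;

    function setUp() public {
        vault = new RescueVault(); // this test contract becomes owner
        safe = new GasHungryRecipient();
        vm.deal(address(this), 10 ether);
        (bool ok, ) = address(vault).call{value: 1 ether}("");
        require(ok, "funding failed");
    }

    // transfer() against a contract recipient reverts and the BNB stays locked.
    function test_transferRevertsAgainstContractRecipient() public {
        vm.expectRevert();
        vault.rescueWithTransfer(address(safe), 1 ether);
        assertEq(address(vault).balance, 1 ether);
        assertEq(safe.received(), 0);
    }

    // The low-level call forwards enough gas for the recipient's fallback.
    function test_callSucceedsAgainstContractRecipient() public {
        vault.rescueWithCall(address(safe), 1 ether);
        assertEq(safe.received(), 1 ether);
        assertEq(address(vault).balance, 0);
    }

    // Inbound BNB emits BNBReceived with the sender and amount.
    function test_receiveEmitsEvent() public {
        vm.expectEmit(true, false, false, true, address(vault));
        emit BNBReceived(address(this), 0.5 ether);
        (bool ok, ) = address(vault).call{value: 0.5 ether}("");
        assertTrue(ok);
    }
}
```

Run with `forge test` inside a Foundry workspace that has `forge-std` installed. The `call` path deliberately forwards all gas; that is what makes it work for multisig owners, and it is also why a `nonReentrant` guard or checks-effects-interactions ordering belongs on any function that sends BNB this way and also touches state.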
