Unvalidated External Calls

[ISTIFANUS-N]

Files: Multi-chain and oracle integrations
Severity: Critical
Category: Security & Safety

Description:
External calls to other contracts and oracles lack proper validation.

Acceptance Criteria:

• Add validation for all external contract addresses
• Implement response validation for external calls
• Add fallback mechanisms for external service failures
• Add rate limiting for external calls
• Test external service failure scenarios

Impact: High - External vulnerabilities could compromise the system

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[AbuTuraab]

@AbuTuraab has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hi,

I’d like to request assignment to this issue.

As a full-stack developer working actively in the Stellar ecosystem, I understand how important robust automation is for projects that combine Soroban smart contracts, backend services, and frontend applications. A reliable CI/CD pipeline is the backbone of safe contract development, deterministic builds, and predictable testnet releases.

During the previous waves of contributions, I worked on several Stellar-related repos where I resolved issues such as:
Frontend implementations.
Misconfigured GitHub Actions leading to failing builds
Missing or incomplete Soroban contract test pipelines
Frontend pipelines that didn’t catch build/lint errors
Inefficient caching (Rust, pnpm) that slowed down CI
Incorrect workflow permissions affecting deployment and artifact uploads
These issues helped me develop a strong sense of what healthy CI/CD should look like for blockchain projects.

Relevant Skills
Full-stack expertise with Soroban, Rust, TypeScript, and modern frontend tooling
Strong experience designing and maintaining GitHub Actions workflows
Familiar with contract testing, reproducible builds, and blockchain dev best practices
Experience with pnpm-based frontend CI pipelines (install, lint, type-check, build)
Comfortable implementing secure deployment flows, secret management, and workflow permission hardening
Confident in making pipelines faster and more reliable using smart caching strategies

ETA: 6hrs

ℹ️ Repo Maintainers: To accept this application, review their application or assign @AbuTuraab to this issue.

[LaGodxy]

@LaGodxy has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hello, maintainer, can I work on this.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @LaGodxy to this issue.

[drips-wave]

Congratulations, @LaGodxy! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @LaGodxy: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @LaGodxy as part of the Stellar Wave Program's 3rd Wave 🥳

😎 @LaGodxy: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.