LoanManager — No Liquidation Mechanism for Under-Collateralized Loans

[nonso7]

Closes #356

[ogazboiz]

The contracts CI is failing on the rustfmt format check. This isn't a logic issue, just formatting.

Run this in the contracts directory and push:

cd contracts
cargo fmt

Then commit and push the formatting changes. The CI should pass after that.

[ogazboiz]

Contracts CI is failing under 30 seconds, which is almost always a cargo fmt check. Run this from the contracts/ directory and commit the result:

cd contracts
cargo fmt
git add -A
git commit -m 'style: apply cargo fmt'
git push

[ogazboiz]

The codebase issues on main have been resolved and all CI checks are passing now. Please rebase your branch to pull in the latest changes before continuing. Thanks for your patience.

[ogazboiz]

The liquidation mechanism design is solid and test coverage is good. Several issues to fix:

Must fix:

1. Run `cargo fmt` to pass CI
2. Resolve merge conflicts by rebasing onto latest main
3. Replace `unwrap_or(0)` with proper error returns in `liquidate()`. If `checked_mul` overflows, the ratio becomes 0, which incorrectly flags any loan as liquidatable. This is a security issue.
4. The `as u32` cast on `collateral_ratio_bps` will silently wrap around for massively over-collateralized loans. Use `try_into()` with error handling.

Should address:
5. The collateral ratio calculation assumes collateral and loan are the same token (divides amounts directly with no price oracle). If that's always true in this protocol, add a comment. If not, you need a price feed.
6. Outstanding debt is never cleared on liquidation. The loan moves to Liquidated status but the borrowed amount stays on the books. Decide if debt should be written off.
7. Move auth check before input validation in `set_liquidation_threshold` and `set_liquidation_bonus`.

Nice to have:
8. Add a test for liquidation when the contract is paused
9. Consider a credit score penalty for liquidated borrowers

[ogazboiz]

Friendly reminder to rebase your branch onto the latest main and address the review feedback when you get a chance. The codebase had some fixes recently so a rebase is needed before we can move forward. Let me know if you need help.

[ogazboiz]

heads up, a few important changes just landed on main that affect your PR:

1. axios pinned to 1.13.5 - there's an active supply chain attack on axios 1.14.1 (pulls in confirmed malware). we added overrides in all package.json files to block it.

2. CI now runs a supply chain audit before backend/frontend jobs. if your lockfile has a compromised package, CI will fail with a clear error.

3. backend test fixes - loanEndpoints tests now use valid Stellar addresses and base64 strings. if your PR was failing backend CI but you didn't touch backend code, this should fix it after rebase.

please rebase on latest main:

git fetch upstream
git rebase upstream/main
git push --force-with-lease