Current test suites cover basic invalid-amount cases (test_send_payment_invalid_amount, test_wrap_invalid_amount, test_collect_fee_invalid_amount, etc.) but none exercise arithmetic at the extremes: i128::MAX amounts in stellar_send::split_fee (stellar_send/src/lib.rs lines 369-381) that could hit the checked_mul/checked_sub overflow guards, fee_collector::collect_fee's checked_add overflow path when KEY_TOTAL is near i128::MAX, or token_bridge::credit_wrapped's overflow guard.
These ArithmeticOverflow error variants exist in each contract's error enum but are never actually triggered/asserted in any test file, meaning the overflow-protection code paths are currently untested and could regress silently.
Current test suites cover basic invalid-amount cases (
test_send_payment_invalid_amount,test_wrap_invalid_amount,test_collect_fee_invalid_amount, etc.) but none exercise arithmetic at the extremes:i128::MAXamounts instellar_send::split_fee(stellar_send/src/lib.rslines 369-381) that could hit thechecked_mul/checked_suboverflow guards,fee_collector::collect_fee'schecked_addoverflow path whenKEY_TOTALis neari128::MAX, ortoken_bridge::credit_wrapped's overflow guard.These
ArithmeticOverflowerror variants exist in each contract's error enum but are never actually triggered/asserted in any test file, meaning the overflow-protection code paths are currently untested and could regress silently.