Problem
mark_defaulted (lib.rs:486) and apply_late_fees (lib.rs:898) are permissionless — they do not call require_auth(). This may be intentional (anyone can trigger a default on overdue loans), but it is not documented anywhere.
What To Build
- Add Rust doc comments to both functions explaining why they are permissionless
- Document the security implications
Files To Touch
- contracts/creditline-contract/src/lib.rs — lines 486, 898
Acceptance Criteria
Mandatory Checks
Problem
mark_defaulted (lib.rs:486) and apply_late_fees (lib.rs:898) are permissionless — they do not call require_auth(). This may be intentional (anyone can trigger a default on overdue loans), but it is not documented anywhere.
What To Build
Files To Touch
Acceptance Criteria
Mandatory Checks