emdevelopa
diff --git a/‎.gitignore‎
Lines changed: 3 additions & 1 deletion b/‎.gitignore‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎backend/migrations/20260401000003_unique_tx_id_on_payments.js‎
Lines changed: 16 additions & 0 deletions b/‎backend/migrations/20260401000003_unique_tx_id_on_payments.js‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎backend/src/lib/horizon-poller.js‎
Lines changed: 96 additions & 6 deletions b/‎backend/src/lib/horizon-poller.js‎
Lines changed: 96 additions & 6 deletions
diff --git a/‎backend/src/lib/logger.js‎
Lines changed: 2 additions & 0 deletions b/‎backend/src/lib/logger.js‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎backend/src/lib/stellar.js‎
Lines changed: 63 additions & 2 deletions b/‎backend/src/lib/stellar.js‎
Lines changed: 63 additions & 2 deletions
@@ -33,4 +33,6 @@ scripts/*.py
 task.md
 issueTmeplate.md
 vercelerror.md
-betterui.md
+betterui.md
+hackathon.md
+resources.md
@@ -0,0 +1,16 @@
+/**
+ * Add a partial unique index on payments.tx_id (excluding NULLs).
+ * This prevents two payments from ever being confirmed with the same
+ * on-chain transaction hash at the database level.
+ */
+export async function up(knex) {
+  await knex.raw(`
+    CREATE UNIQUE INDEX IF NOT EXISTS payments_tx_id_unique
+    ON payments (tx_id)
+    WHERE tx_id IS NOT NULL
+  `);
+}
+
+export async function down(knex) {
+  await knex.raw(`DROP INDEX IF EXISTS payments_tx_id_unique`);
+}
@@ -10,7 +10,7 @@
  */
 
 import { supabase } from "./supabase.js";
-import { findMatchingPayment } from "./stellar.js";
+import { findMatchingPayment, findAnyRecentPayment } from "./stellar.js";
 import { sendWebhook, isEventSubscribed } from "./webhooks.js";
 import { sendReceiptEmail } from "./email.js";
 import { renderReceiptEmail } from "./email-templates.js";
@@ -68,7 +68,24 @@ async function pollPendingPayments() {
 
     logger.info({ count: pending.length }, "Horizon poller: checking pending payments");
 
-    await Promise.allSettled(pending.map(p => checkPayment(p)));
+    // Group by recipient+asset to process same-address payments sequentially
+    // This prevents two payments with identical recipient+amount from both
+    // claiming the same on-chain transaction in the same cycle.
+    const groups = new Map();
+    for (const p of pending) {
+      const key = `${p.recipient}:${p.asset}`;
+      if (!groups.has(key)) groups.set(key, []);
+      groups.get(key).push(p);
+    }
+
+    // Process each group sequentially, different groups in parallel
+    await Promise.allSettled(
+      Array.from(groups.values()).map(async (group) => {
+        for (const p of group) {
+          await checkPayment(p);
+        }
+      })
+    );
 
   } catch (err) {
     logger.warn({ err }, "Horizon poller: unexpected error");
@@ -97,7 +114,65 @@ async function checkPayment(payment) {
 
     if (!match) {
       logger.info({ paymentId: payment.id }, "Horizon poller: no match yet");
-      return; // not confirmed yet
+
+      // Check for wrong-amount payment
+      const anyPayment = await findAnyRecentPayment({
+        recipient: payment.recipient,
+        assetCode: payment.asset,
+        assetIssuer: payment.asset_issuer,
+        createdAt: payment.created_at,
+      });
+
+      if (anyPayment) {
+        const received = Number(anyPayment.received_amount);
+        const expected = Number(payment.amount);
+        const diff = received - expected;
+
+        if (diff < -0.0000001) {
+          // Underpayment — mark failed
+          await supabase.from("payments").update({
+            status: "failed",
+            tx_id: anyPayment.transaction_hash,
+            metadata: {
+              ...(payment.metadata || {}),
+              failure_reason: "underpayment",
+              expected_amount: expected,
+              received_amount: received,
+              shortfall: Number((expected - received).toFixed(7)),
+            },
+          }).eq("id", payment.id).eq("status", "pending");
+
+          const redis = await connectRedisClient();
+          await invalidatePaymentCache(redis, payment.id);
+          logger.info({ paymentId: payment.id, expected, received }, "Horizon poller: underpayment detected — marked failed");
+
+          // Notify via SSE and Socket.io
+          streamManager.notify(payment.id, "payment.failed", { status: "failed", reason: "underpayment", expected_amount: expected, received_amount: received });
+          if (_io && payment.merchant_id) {
+            _io.to(`merchant:${payment.merchant_id}`).emit("payment:failed", { id: payment.id, reason: "underpayment", expected_amount: expected, received_amount: received });
+          }
+        } else if (diff > 0.0000001) {
+          // Overpayment — confirm but flag
+          const latencySeconds = (Date.now() - new Date(payment.created_at).getTime()) / 1000;
+          const { data: updated } = await supabase.from("payments").update({
+            status: "confirmed",
+            tx_id: anyPayment.transaction_hash,
+            completion_duration_seconds: Math.floor(latencySeconds),
+            metadata: { ...(payment.metadata || {}), overpayment: true, expected_amount: expected, received_amount: received, excess: Number((received - expected).toFixed(7)) },
+          }).eq("id", payment.id).eq("status", "pending").is("tx_id", null).select("id").maybeSingle();
+
+          if (!updated) return; // already claimed
+
+          const redis = await connectRedisClient();
+          await invalidatePaymentCache(redis, payment.id);
+          logger.info({ paymentId: payment.id, expected, received }, "Horizon poller: overpayment — confirmed with flag");
+          streamManager.notify(payment.id, "payment.confirmed", { status: "confirmed", tx_id: anyPayment.transaction_hash, overpayment: true });
+          if (_io && payment.merchant_id) {
+            _io.to(`merchant:${payment.merchant_id}`).emit("payment:confirmed", { id: payment.id, tx_id: anyPayment.transaction_hash, overpayment: true });
+          }
+        }
+      }
+      return;
     }
 
     // Guard: ensure this tx_hash hasn't already confirmed a different payment
@@ -116,22 +191,37 @@ async function checkPayment(payment) {
     const createdAt = new Date(payment.created_at);
     const latencySeconds = (Date.now() - createdAt.getTime()) / 1000;
 
-    // Update DB
-    const { error: updateError } = await supabase
+    // Atomic update: only succeeds if tx_id is still NULL (not claimed by another payment).
+    // The unique index on tx_id provides the final database-level guarantee.
+    const { data: updated, error: updateError } = await supabase
       .from("payments")
       .update({
         status: "confirmed",
         tx_id: match.transaction_hash,
         completion_duration_seconds: Math.floor(latencySeconds),
       })
       .eq("id", payment.id)
-      .eq("status", "pending"); // guard against double-confirm
+      .eq("status", "pending")
+      .is("tx_id", null)   // ← only claim if not already taken
+      .select("id")
+      .maybeSingle();
 
     if (updateError) {
+      // Unique constraint violation — another payment already claimed this tx
+      if (updateError.code === "23505") {
+        logger.warn({ paymentId: payment.id, txHash: match.transaction_hash }, "Horizon poller: tx_hash already claimed by another payment (unique constraint)");
+        return;
+      }
       logger.warn({ err: updateError, paymentId: payment.id }, "Horizon poller: DB update failed");
       return;
     }
 
+    // If updated is null, the row was already confirmed or claimed — skip
+    if (!updated) {
+      logger.info({ paymentId: payment.id }, "Horizon poller: payment already processed, skipping");
+      return;
+    }
+
     // Invalidate Redis cache
     const redis = await connectRedisClient();
     await invalidatePaymentCache(redis, payment.id);
 
@@ -19,6 +19,8 @@ export const logger = pino({
       options: { colorize: true, translateTime: "SYS:standard" },
     },
   }),
+
+  
   redact: {
     paths: REDACTED_PATHS,
     censor: "[REDACTED]",
 
@@ -158,9 +158,26 @@ function amountsMatch(expected, received) {
     return false;
   }
 
+  // Exact match within 1 stroop (0.0000001 XLM)
   return Math.abs(expectedNum - receivedNum) <= 0.0000001;
 }
 
+/**
+ * Classify how a received amount compares to the expected amount.
+ * Returns: "exact" | "underpaid" | "overpaid"
+ */
+export function classifyAmount(expected, received) {
+  const expectedNum = Number(expected);
+  const receivedNum = Number(received);
+
+  if (Number.isNaN(expectedNum) || Number.isNaN(receivedNum)) return "exact";
+
+  const diff = receivedNum - expectedNum;
+  if (Math.abs(diff) <= 0.0000001) return "exact";
+  if (diff < 0) return "underpaid";
+  return "overpaid";
+}
+
 function paymentMatchesAsset(payment, asset) {
   if (asset.isNative()) {
     return payment.asset_type === "native";
@@ -318,7 +335,7 @@ export async function findMatchingPayment({
   createdAt, // ISO string — only match transactions after this time
 }) {
   const asset = resolveAsset(assetCode, assetIssuer);
-  const createdAtMs = createdAt ? new Date(createdAt).getTime() : 0;
+  const createdAtMs = createdAt ? new Date(createdAt).getTime() - 60_000 : 0;
 
   let page;
   try {
@@ -383,14 +400,58 @@ export async function findMatchingPayment({
       id: payment.id,
       transaction_hash: payment.transaction_hash,
       is_multisig: isMultiSig,
+      received_amount: payment.amount,
     };
   }
 
   return null;
 }
 
 /**
- * Create a refund transaction XDR for a merchant to sign
+ * Find any recent payment to the recipient regardless of amount.
+ * Used to detect underpayments/overpayments.
+ * Returns { transaction_hash, received_amount } or null.
+ *
+ * Note: we intentionally use a loose time window (no strict createdAt filter)
+ * because Horizon ledger close times can have slight clock skew vs our DB.
+ * The tx_id uniqueness constraint prevents false matches from older transactions.
+ */
+export async function findAnyRecentPayment({
+  recipient,
+  assetCode,
+  assetIssuer,
+  createdAt,
+}) {
+  const asset = resolveAsset(assetCode, assetIssuer);
+  // Allow 60s of clock skew — reject anything more than 60s before intent creation
+  const cutoffMs = createdAt ? new Date(createdAt).getTime() - 60_000 : 0;
+
+  let page;
+  try {
+    page = await server.payments().forAccount(recipient).order("desc").limit(100).call();
+  } catch {
+    return null;
+  }
+
+  for (const payment of page.records) {
+    if (payment.type !== "payment" && payment.type !== "path_payment_strict_receive") continue;
+    if (payment.to !== recipient) continue;
+    if (!paymentMatchesAsset(payment, asset)) continue;
+
+    // Skip payments that are clearly older than the intent (with 60s slack)
+    if (cutoffMs > 0 && payment.created_at) {
+      if (new Date(payment.created_at).getTime() < cutoffMs) continue;
+    }
+
+    return {
+      transaction_hash: payment.transaction_hash,
+      received_amount: payment.amount,
+    };
+  }
+  return null;
+}
+
+/*
  * Issue #150: Implement a Refund API Transaction Helper
  */
 export async function createRefundTransaction({