Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0
Why this matters
src/middleware/idempotency.ts only writes the cached response on the res 'finish' event (lines 74-91), so two concurrent requests sharing one Idempotency-Key both miss the cache check (line 30) and both execute the handler. On /loans/:loanId/repay and /pool/submit this can submit the same signed transaction to Stellar twice.
Acceptance criteria
Files to touch
- src/middleware/idempotency.ts
- src/services/cacheService.ts
- src/routes/loanRoutes.ts
- src/routes/poolRoutes.ts
Out of scope
- Changing the 24h TTL policy
- Adding idempotency to GET endpoints
Why this matters
src/middleware/idempotency.ts only writes the cached response on the res 'finish' event (lines 74-91), so two concurrent requests sharing one Idempotency-Key both miss the cache check (line 30) and both execute the handler. On /loans/:loanId/repay and /pool/submit this can submit the same signed transaction to Stellar twice.
Acceptance criteria
Files to touch
Out of scope