Negative coverage for `try_*` / auth surfaces: `src/test_auth.rs` should map each critical unauthorized attempt [RC26Q2-C33]

[thlpkee20-wq]

Description

Harden the “client-friendly” surface by ensuring the tests exercise unauthorized attempts in a way integrators can mirror (including expected Result vs host panic). Align with docs/structured-error-coverage-expansion.md if that file exists in the repo.

Requirements and context

• This reduces integration bugs where a wallet assumes an error is returned but the host panics, or vice versa—document the actual behavior.

Suggested execution

• Fork the repo, then:

  • git checkout -b feature/soroban-try-auth-coverage

• Relevant modules: src/test_auth.rs, src/lib.rs, docs/structured-error-coverage-expansion.md, README.md

• Implement and verify

  • Add tests that call from wrong addresses for issuer-only operations, holder-only operations, and admin-only operations, per the real public API.

• Test and document

  • Add or extend automated tests; cover edge cases and invariants
  • Document security assumptions; include test output summary and a short security / risk note in the PR
  • For Revora-Contracts (Soroban): cargo test, cargo clippy, rustdoc/NatSpec-style entrypoint docs where applicable. Do not implement Solidity; this work targets Rust/WASM in this repository.
  • For Backend / Frontend: follow the repo’s existing Jest/TS/ESLint/Vite setup.
  • Example commit message: test(soroban): try_* auth and unauthorized negative matrix

Labels and GitHub label colors

• Create the labels in this issue’s labels: line under Settings → Labels in the target repo.
• Assign distinct colors (avoid all grey): e.g. #0052CC (blue, platform), #B60205 (red, security), #0E8A16 (green, tests), #5319E7 (purple, P1), #F9D0C4 (scope), #1D76DB (api), #BFD4F2 (docs) — pick a non-default palette so issues are scannable in the board.

Guidelines

• Target ≥ 95% test coverage for new or materially changed code paths
• Clear, linked documentation in-repo
• Timeframe: 96 hours from assignment

[Danto1606]

@Danto1606 has applied to work on this issue as part of the Stellar Wave Program's 4th wave.

I would like to work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Danto1606 to this issue.

[drips-wave]

Congratulations, @Danto1606! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on April 29, 2026.

🧑‍💻 @Danto1606: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been marked as completed by a Drips Wave moderator for @Danto1606 as part of the Stellar Wave Program's 4th Wave 🥳

Moderator's reason: [Auto-assessed] The contributor successfully addressed the issue by adding comprehensive negative test coverage for authentication surfaces in src/test_auth.rs. The PR includes significant high-quality documentation explaining the security model and covers numerous edge cases, including cross-offering confusion and layer-based auth failures, and has been merged by maintainers.

😎 @Danto1606: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.

ℹ️ Note: This issue was marked complete via moderation. Points were issued even though the GitHub issue remains open.