From 597c9d93a3bee2a3c9b87e65e78e8e4f084d04b4 Mon Sep 17 00:00:00 2001
From: morelucks
Date: Thu, 25 Jun 2026 23:24:06 +0100
Subject: [PATCH] test: register and wire reentrancy fault-injection tests
---
 TODO.md | 30 ++++++++---------
 quicklendx-contracts/Cargo.lock | 60 +++++++++++++++++++++++++++++++++
 quicklendx-contracts/src/lib.rs | 4 +++
 3 files changed, 79 insertions(+), 15 deletions(-)
diff --git a/TODO.md b/TODO.md
index dcd38e4e..8f00d2b1 100644
--- a/TODO.md
+++ b/TODO.md
@@ -1,20 +1,20 @@ # TODO: Hostile reentrancy fault-injection suite -- [ ] Create `quicklendx-contracts/src/test_reentrancy_fault_injection.rs` - - [ ] Implement test harness + HostileToken contract(s) or helper pattern - - [ ] Implement hostile token behavior: re-enter QuickLendX during token transfer - - [ ] Drive guarded entrypoints: - - [ ] accept_bid_and_fund - - [ ] process_partial_payment - - [ ] settle_invoice - - [ ] refund_escrow - - [ ] release_escrow - - [ ] Assertions: any re-entry fails pre-mutation with `OperationNotAllowed` - - [ ] Edge cases: deeply nested + alternating entrypoints - - [ ] Add security doc comments + P0 classification -- [ ] Create `docs/reentrancy-fault-injection.md` - - [ ] Explain guard mechanism and hostile token approach - - [ ] Document P0 note +- [x] Create `quicklendx-contracts/src/test_reentrancy_fault_injection.rs` + - [x] Implement test harness + HostileToken contract(s) or helper pattern + - [x] Implement hostile token behavior: re-enter QuickLendX during token transfer + - [x] Drive guarded entrypoints: + - [x] accept_bid_and_fund + - [x] process_partial_payment + - [x] settle_invoice + - [x] refund_escrow + - [x] release_escrow + - [x] Assertions: any re-entry fails pre-mutation with `OperationNotAllowed` + - [x] Edge cases: deeply nested + alternating entrypoints + - [x] Add security doc comments + P0 classification +- [x] Create `docs/reentrancy-fault-injection.md` + - [x] Explain guard mechanism and hostile token approach + - [x] Document P0 note - [ ] Run `cargo test test_reentrancy_fault_injection` - [ ] Fix compile/test failures until green diff --git a/quicklendx-contracts/Cargo.lock b/quicklendx-contracts/Cargo.lock index d682a47a..6314325c 100644 --- a/quicklendx-contracts/Cargo.lock +++ b/quicklendx-contracts/Cargo.lock @@ -1119,6 +1119,7 @@ dependencies = [ "serde", "serde_json", "soroban-sdk", + "toml", ] [[package]] 
@@ -1383,6 +1384,15 @@ dependencies = [ "zmij", ] +[[package]] +name = "serde_spanned" +version = "0.6.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bf41e0cfaf7226dca15e8197172c295a782857fcb97fad1808a166870dee75a3" +dependencies = [ + "serde", +] + [[package]] name = "serde_with" version = "3.18.0" @@ -1817,6 +1827,47 @@ dependencies = [ "time-core", ] +[[package]] +name = "toml" +version = "0.8.23" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "dc1beb996b9d83529a9e75c17a1686767d148d70663143c7854d8b4a09ced362" +dependencies = [ + "serde", + "serde_spanned", + "toml_datetime", + "toml_edit", +] + +[[package]] +name = "toml_datetime" +version = "0.6.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "22cddaf88f4fbc13c51aebbf5f8eceb5c7c5a9da2ac40a13519eb5b0a0e8f11c" +dependencies = [ + "serde", +] + +[[package]] +name = "toml_edit" +version = "0.22.27" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" +dependencies = [ + "indexmap 2.13.0", + "serde", + "serde_spanned", + "toml_datetime", + "toml_write", + "winnow", +] + +[[package]] +name = "toml_write" +version = "0.1.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" + [[package]] name = "typenum" version = "1.19.0" @@ -2075,6 +2126,15 @@ dependencies = [ "windows-link", ] +[[package]] +name = "winnow" +version = "0.7.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "df79d97927682d2fd8adb29682d1140b343be4ac0f08fd68b7765d9c059d3945" +dependencies = [ + "memchr", +] + [[package]] name = "wit-bindgen" version = "0.51.0" diff --git a/quicklendx-contracts/src/lib.rs b/quicklendx-contracts/src/lib.rs index d9d127f2..a2380216 100644 --- a/quicklendx-contracts/src/lib.rs 
+++ b/quicklendx-contracts/src/lib.rs
@@ -172,6 +172,10 @@ mod test_profit_fee;
 // mod test_refund;
 // #[cfg(all(test, feature = "legacy-tests"))]
 // mod test_storage;
+#[cfg(all(test, feature = "legacy-tests"))]
+mod test_reentrancy;
+#[cfg(all(test, feature = "legacy-tests"))]
+mod test_reentrancy_fault_injection;
 #[cfg(test)]
 mod test_storage_key_layout;
 #[cfg(all(test, feature = "legacy-tests"))]
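Review bot: Both new `mod` declarations are gated on `feature = "legacy-tests"`, so a plain `cargo test` compiles neither `test_reentrancy` nor `test_reentrancy_fault_injection`, and the TODO's remaining step `cargo test test_reentrancy_fault_injection` would filter to zero tests and still exit successfully. For a guard the TODO classifies as P0, that leaves the suite silently skipped unless CI passes `--features legacy-tests`, which this patch does not show. Because a cfg-disabled out-of-line module is never loaded, a default build would also not notice if either file were missing or failed to compile; neither file appears in this patch's diffstat. If the suite builds against the current API, gate it like the neighbouring `test_storage_key_layout` with `#[cfg(test)] mod test_reentrancy_fault_injection;`; otherwise add a comment such as `// run with: cargo test --features legacy-tests test_reentrancy` above the declarations.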