Security review: cross-contract reentrancy checklist (all crates)

[Jagadeeshftw]

Great issue: Security review: cross-contract reentrancy checklist (all crates)

Description

Produce a short security appendix listing reentrancy surfaces across program-escrow, bounty_escrow, soroban mirrors.

Requirements and context

Reference malicious_reentrant patterns where present.

Must be secure, tested, and documented
Should be efficient and easy to review

Suggested execution

Fork the repo and create a branch
git checkout -b feature/contracts-reentrancy-review

Implement changes

Review: program-escrow/src/reentrancy_guard.rs, bounty_escrow/contracts/escrow/src/reentrancy_guard.rs, soroban contracts
Write tests: extend reentrancy tests where gaps found
Add documentation: consolidated security notes (contracts-only)

Include Rust doc comments (///) on public items equivalent to NatSpec-style documentation
Validate security assumptions

Test and commit

Run tests: from contracts/ directory run cargo test (scope with -p grainlify-core, -p program-escrow, -p bounty-escrow, -p view-facade as appropriate). For Soroban crates under soroban/contracts/, run cargo test from that package workspace.
Cover edge cases
Include test output summary and security notes in the PR

Example commit message

docs(contracts): reentrancy checklist across crates

Guidelines

Minimum 95 percent test coverage for new or materially changed contract code
Clear documentation (module-level docs and targeted README sections where new surface area is introduced)
Timeframe: 96 hours

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[tecch-wiz]

@tecch-wiz has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

I’d be excited to take this on my experience in smart contract engineering and end-to-end system architecture makes me confident I can deliver exactly what’s needed.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @tecch-wiz to this issue.

[drips-wave]

Congratulations, @tecch-wiz! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @tecch-wiz: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[zhaog100]

/attempt

[zhaog100]

/attempt