Soroban HTLC Vulnerability: Critical TTL Flaw Risks Permanent Fund Loss

A critical vulnerability in the Soroban HTLC smart contract risks the permanent loss of user funds due to a fundamental flaw in how storage entries are managed. The contract fails to properly extend the Time-To-Live (TTL) for lock entries, meaning they can expire and be garbage collected before the associated timelock period ends. This creates a direct path for funds to become completely unrecoverable.

The core issue lies in the contract's storage logic. While it correctly creates persistent lock entries using `env.storage().persistent().set()`, it never calls the required `extend_ttl()` function. On the Stellar mainnet, the default TTL for such entries is approximately 30 days. If a payment with a shorter timelock—for example, 24 hours—is created near the end of a storage entry's lifecycle, the lock entry will expire and be deleted before the timelock does. Once garbage collected, the funds associated with that entry are lost forever.

This flaw necessitates an immediate fix to every function that interacts with a lock entry. Developers must implement TTL extension immediately after every `set()` or `get()` operation. The required extension must cover the full remaining duration of the timelock plus a safety buffer, calculated from the current ledger timestamp. Without this patch, the HTLC contract remains unsafe for use, exposing all cross-chain atomic swap transactions to an unacceptable risk of total capital loss.