Add Access Control for Vault Deduct (Authorized Caller Only)

[greatest0fallt1me]

Description
Restrict deduct so only an authorized caller (e.g. backend billing service) can decrease balance. Prevent arbitrary addresses from draining the vault.

Requirements and context

• Must be secure, tested, and documented
• Should be efficient and easy to review
• Define authorized deduct caller (single address or role)
• Document integration with backend signers

Suggested execution

• Fork the repo and create a branch
• git checkout -b feature/deduct-access-control
• Implement changes
  • Add storage for authorized deduct caller (or use Soroban auth with backend key)
  • In deduct, require caller to be authorized
  • Add owner-only function to set/update authorized deduct caller
• Test and commit
  • Run tests; add cases: authorized caller can deduct, others cannot; edge case exact balance
  • Include test output and security notes
• Example commit message: feat: restrict deduct to authorized caller

Guidelines

• Minimum 95 percent test coverage
• Clear documentation
• Timeframe: 96 hours
• Project details: #

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[mansory-01]

@mansory-01 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hi, i fully understand the task and requirement. Will complete this in 24 hours when assigned.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @mansory-01 to this issue.

[drips-wave]

Congratulations, @mansory-01! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on February 26, 2026.

🧑‍💻 @mansory-01: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are issued when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊