feat(audit): implement final pre-mainnet security fixes and invariant…

[shogun444]

Closes #224

---

Summary

Performs a final pre-mainnet security audit of the contract and resolves critical vulnerabilities affecting fee handling, fund safety, and state transitions.

---

Key Fixes

• Fee Consistency

  • Centralized fee calculation in calculate_fee_internal
  • Eliminated fee bypass and leakage across all release paths

• Rounding Protection

  • Added minimum fee enforcement to prevent zero-fee exploits on small amounts

• Dispute Safety

  • Introduced hold-back mechanism for dispute resolution
  • Added claim_disputed_funds to prevent insolvency during appeal window

• Group Buy Safety

  • Implemented withdraw_group_buy_contribution to allow refunds on failed funding
  • Fixed global counter (TotalFundedAmount) consistency

• State Integrity

  • Fixed cancellation flow to support Funded escrows
  • Corrected refund logic:
    • updates TotalRefundedAmount
    • resets cancellation state
    • ensures proper status transitions

• Validation

  • Prevented coexistence of items and milestones in a single escrow

---

Test Updates

• Updated dispute-related tests to reflect hold-back + claim flow
• Added ledger advancement and claim_disputed_funds calls where required
• Fixed fee test edge cases (duplicate escrow + fee withdrawal validation)

---

Results

running 90 tests
test result: ok. 90 passed; 0 failed