On-chain payment verification for reported digests #6

@funkiirabu

Problem

Payment reports submitted via POST /api/report are trusted at face value. A malicious actor could submit fake digests, inflating a server's transaction count and volume.

Currently acceptable because:

  • Only known servers report (t2000 gateway)
  • Low volume means manual spot-checking is feasible

Won't scale when multiple independent servers are reporting.

Solution

Verify reported payment digests on-chain before recording them.

Verification steps

  • Call suiClient.getTransactionBlock({ digest }) to confirm the tx exists
  • Verify the tx succeeded (status === 'success')
  • Confirm the recipient matches the server's registered recipient address
  • Confirm the amount and currency (USDC) match the report
  • Reject duplicate digests (ties into #2, "Digest replay protection in @suimpp/mpp server verification")

Implementation options

  1. Synchronous — verify on-chain during the POST /api/report request (adds latency)
  2. Async queue — accept the report, mark as pending, verify in background cron
  3. Hybrid — accept with verified: false, cron upgrades to verified: true

Acceptance criteria

  • Fake digests are rejected or flagged
  • Verified payments get a checkmark in the explorer
  • Server stats only count verified payments
  • Verification adds < 500ms latency (if synchronous)

Context

Deferred from Phase 4. Related to #2 (digest replay protection). Both can share the same on-chain lookup.
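
The verification steps listed above as one check, written as an added example (not code from this repository). The report and server object shapes, the `USDC_TYPE` placeholder, the in-memory `seenDigests` set and the sample transaction are assumptions; the response fields are those the Sui TypeScript SDK returns from `getTransactionBlock` with `showEffects` and `showBalanceChanges`.

```javascript
// Added example. Report/server shapes and the Set-based replay store are assumptions.
const USDC_TYPE = '0xUSDC_PACKAGE_PLACEHOLDER::usdc::USDC'; // placeholder coin type

// Constructed sample of a getTransactionBlock response (not real chain data).
const SAMPLE_TX = {
  digest: 'SAMPLE_DIGEST_1',
  effects: { status: { status: 'success' } },
  balanceChanges: [
    { owner: { AddressOwner: '0xpayer' }, coinType: USDC_TYPE, amount: '-1000000' },
    { owner: { AddressOwner: '0xserver' }, coinType: USDC_TYPE, amount: '1000000' },
  ],
};

// Pure check of one report against the fetched transaction.
function checkReport(tx, report, server, seenDigests) {
  if (seenDigests.has(report.digest)) return { ok: false, reason: 'duplicate-digest' };
  if (!tx || tx.digest !== report.digest) return { ok: false, reason: 'tx-not-found' };
  if (tx.effects?.status?.status !== 'success') return { ok: false, reason: 'tx-failed' };
  // Reported amount must be an integer string in USDC base units.
  if (!/^\d+$/.test(String(report.amount))) return { ok: false, reason: 'bad-amount' };

  // Sum USDC credited to the registered recipient; BigInt avoids float rounding.
  const want = server.recipient.toLowerCase();
  let credited = 0n;
  for (const c of tx.balanceChanges ?? []) {
    const owner = c.owner?.AddressOwner?.toLowerCase();
    if (owner === want && c.coinType === USDC_TYPE) credited += BigInt(c.amount);
  }
  if (credited <= 0n) return { ok: false, reason: 'recipient-or-currency-mismatch' };
  if (credited !== BigInt(report.amount)) return { ok: false, reason: 'amount-mismatch' };
  return { ok: true };
}

// Fetch, check, and record the digest only once it has verified.
async function verifyReport(client, report, server, seenDigests) {
  let tx;
  try {
    tx = await client.getTransactionBlock({
      digest: report.digest,
      options: { showEffects: true, showBalanceChanges: true },
    });
  } catch {
    return { ok: false, reason: 'lookup-failed' }; // leave the report unverified
  }
  const result = checkReport(tx, report, server, seenDigests);
  if (result.ok) seenDigests.add(report.digest);
  return result;
}
```

In a deployed service the `seenDigests` set would be a unique constraint on the digest column, so the duplicate check holds across processes and restarts.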

Labels: enhancement (New feature or request)
