Document DOGE DOOM vulnerability discovered by walkeruin

Walkeruin discovered a clever attack vector where micro-underpayments (~$0.01 USD worth of DOGE) create economically unviable refund obligations that exceed network transaction fees, causing the system to get stuck in endless retry loops.

The vulnerability exploits the economic reality that DOGE network fees (~0.001-0.008 DOGE) can exceed tiny refund amounts, making refunds impossible while consuming system resources through constant retries.

Documented with:

• Attack vector analysis
• Economic threshold calculations
• Impact assessment
• Proposed mitigation strategies
• Recommended minimum refund thresholds

This represents a legitimate resource exhaustion vulnerability that could be exploited to clog the payment processing system.

Summary by CodeRabbit

• New Features

  • Introduced a minimum viable refund threshold to avoid refunds that cost more than their value.
  • Improved handling of duplicate, late/expired, underpayment, and overpayment scenarios, with clear “not refunded” outcomes when uneconomical.
  • Added user notifications explaining when a refund is too small to process.

• Documentation

  • Added a detailed write-up on the “DOGE DOOM” resource-exhaustion issue and recommended mitigations.

• Tests

  • Expanded test coverage for refund calculations, edge cases (incl. DOGE/XMR), and uneconomical-refund logic to ensure reliability.