Fix: game_id is not validated for uniqueness — same game can be used in multiple matches

[yahia008]

Priority: High
Estimated Time: 1 hour

Description:
The same game_id can be used to create multiple matches. An attacker could create duplicate matches for the same game and collect payouts multiple times if the oracle submits results for the same game ID.

Tasks:

• Track used game_id values in a DataKey::GameId(String) persistent entry
• Reject create_match if game_id already exists, returning Error::AlreadyExists
• Add test for duplicate game ID rejection

[theFirstCodeManiac]

@theFirstCodeManiac has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

I’d love to take this on because this is a critical integrity issue around match uniqueness. I’ve fixed similar smart contract validation bugs before, especially around duplicate identifiers and state tracking.

I’m comfortable with Rust (Soroban), smart contract security, and testing.

I’ll persist game_id in storage, enforce uniqueness in create_match, return a structured AlreadyExists error, and add tests to cover duplicate rejection.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @theFirstCodeManiac to this issue.

[Praxhant97]

@Praxhant97 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

Hi there! I can help fix this high-priority bug by adding persistent storage tracking for used game IDs. I'm familiar with Soroban's state management and can ensure the validation logic and unit tests are airtight to prevent duplicate match creation. Kindly assign this to me so that I can start working on it. I have worked with similar issues earlier. Looking forward to working with you!
Time Required: 1 hour

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Praxhant97 to this issue.