[CT-24] Build TransferValidationService

[mftee]

Problem

Transfer records are appended to Redis without verifying that the from_owner in the new transfer matches the to_owner of the most recent transfer. This allows a chain of transfers to be constructed with arbitrary owners, bypassing the custody chain.

Proposed Solution

Create a TransferValidationService inside contract/module/transfer-validation/ that validates custody continuity before recording a new transfer.

Acceptance Criteria

• validate_transfer(cache: &CacheBackend, document_hash: &str, from_owner: &str) async function fetches the transfer history from Redis and checks whether from_owner matches the to_owner of the last recorded transfer
• Returns Ok(true) if the history is empty (first transfer — no prior owner to check) or if from_owner matches the last to_owner
• Returns Ok(false) with a descriptive mismatch message if from_owner does not match
• Returns Err on Redis failure
• The transfer handler in CT-01 (or the transfer route) calls this before recording the new transfer and returns 422 Unprocessable Entity when validation fails, with a message explaining the expected owner
• Unit tests cover: empty history, matching owner, mismatched owner, Redis error
• Implementation files live inside contract/module/transfer-validation/

[CyberXpert607]

@CyberXpert607 has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Hey team,

I'll take #556.

I'll implement TransferValidationService that fetches transfer history from Redis and verifies custody continuity, ensuring from_owner matches the last to_owner (or returns Ok on empty history). Integration into the transfer handler with 422 responses on mismatch. Unit tests for empty/matching/mismatched/Redis error cases included.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @CyberXpert607 to this issue.

[nanaf6203-bit]

@nanaf6203-bit has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

please asssign me this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @nanaf6203-bit to this issue.

[drips-wave]

Congratulations, @nanaf6203-bit! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @nanaf6203-bit: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[grantfox-oss]

🦊 GrantFox — @nanaf6203-bit has been assigned to this issue!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #556)
2. Your PR will be reviewed by the CodeGirlsInc maintainers

Good luck! Track your progress on GrantFox.