Issue 183: security: Create a Whitelist registry specifically for Flash Loan borrowers

[AlAfiz]

Description

While flash loans are powerful, allowing completely unknown, anonymous smart contracts to borrow millions of dollars of our liquidity introduces massive surface area for zero-day exploits.
Until TradeFlow is battle-tested, we should restrict flash loan borrowing strictly to verified arbitrage bots and trusted partner protocols.
We need to add a whitelist mapping that the Admin can update, ensuring only approved contract IDs can successfully call the flash_loan function.
This significantly reduces our risk profile for the Wave 3 Mainnet Beta.

Requirements

• Add an approved_flash_borrowers: Map<Address, bool> to the contract's instance storage.
• Create an Admin-only set_flash_borrower_status(borrower_address, is_approved) function.
• At the top of the flash_loan execution flow, check if the caller's address is mapped to true.
• If the caller is not on the whitelist, panic immediately with Error::UnauthorizedBorrower.

[drips-wave]

Congratulations, @noelams! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @noelams: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊