SuperAdmin Nomination in Two-Step Transfer Is Not Time-Limited, Allowing Permanent Pending State

[Emeka000]

Description
The two-step SuperAdmin transfer (nominate → accept) stores a pending nominee indefinitely. If the nominated address never calls accept_super_admin, the nomination sits in storage forever. Worse, the current SuperAdmin cannot cancel the nomination — they are blocked from nominating a different address because a pending nomination already exists.
Fix Requirements

Add a nominated_at timestamp and nomination_expiry (default: 24 hours) to the nomination storage entry
accept_super_admin must check that env.ledger().timestamp() <= nominated_at + nomination_expiry — return ContractError::NominationExpired if not
Add a cancel_nomination(env) function callable by the current SuperAdmin that clears any pending nomination
Expired nominations are also cleared lazily when a new nominate_super_admin call is made

Acceptance Criteria

Nominations expire after 24 hours (configurable via a constant)
accept_super_admin after expiry returns ContractError::NominationExpired
cancel_nomination clears the pending nomination and allows a new nomination immediately
A new nomination replaces an expired pending nomination without error
Tests cover: successful transfer, expired nomination attempt, cancel and re-nominate

[drips-wave]

This issue has been added to the Stellar Wave Program and is worth 200 Points.

🧑‍💻 Interested in contributing? Apply to work on this issue on Drips Wave, earn points, and receive rewards.

Warning

Only applications submitted via the apply link above will be considered. Please do not apply by commenting on the issue or opening a PR directly.

🤠 Repo maintainers: You can manage this issue's Points and Complexity on your Maintainer Dashboard here. Please keep an eye on applications and respond quickly 💙

ℹ️ Learn more about Drips Wave

[OlaGreat]

@OlaGreat has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

Hi, I'd like to work on this issue. I'll add the nominated_at timestamp and expiry check to the nomination storage, implement cancel_nomination, and add lazy cleanup on new nominations. I'll also write tests covering all the acceptance criteria. Could you assign this to me

ℹ️ Repo Maintainers: To accept this application, review their application or assign @OlaGreat to this issue.

[adewuyito]

@adewuyito has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

allow me to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @adewuyito to this issue.

[observerr411]

@observerr411 has applied to work on this issue as part of the Stellar Wave Program's 2nd wave.

i would like to work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @observerr411 to this issue.

[vitalis200]

@vitalis200 has applied to work on this issue as part of the Stellar Wave Program's 3rd wave.

i will like to work on this

ℹ️ Repo Maintainers: To accept this application, review their application or assign @vitalis200 to this issue.

[drips-wave]

Congratulations, @vitalis200! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on March 30, 2026.

🧑‍💻 @vitalis200: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊