Monitoring
The following remediation steps have been deployed and are currently under observation: Service Layer Decoupling: We have refactored the internal provider architecture, moving away from constructor-based injection to a Lazy Retrieval pattern using Container.get() within method execution scopes. Deployment of Whale Leniency Logic: Introduced a context-aware validation layer in the Analysis Worker. Whales (users with >= 5,000 VOT3 power or VIP status) are now evaluated via a specialized heuristic path: Visual Leniency: Permits Near Match, document layouts (likely recurring merchant templates) while maintaining a hard-block on exact bit-level duplicates (distance: 0). Dynamic OCR Thresholding: Increased the similarity rejection threshold from 0.85 to 0.98 for high-tier users. This allows receipts with similar structural data but different line items to pass validation. Frontend Performance & UX Hardening: Asset Modernization: Optimized Largest Contentful Paint (LCP) by migrating all brand assets (logos) to the WebP format, reducing payload size. PWA Manifest Refresh: Synchronized high-resolution icon sets ( logofbg.png ) for improved mobile/standalone experience. UI Asynchrony Protection: Implemented a Pre-flight Skeleton State in the SubmissionBox . This prevents Ghost Clicks by strictly locking the UI until the useDailyLimit hook has fully synchronized with the B3TR Reward Pool state (< 500 B3TR hard-block).
Identified
Our deep-dive investigation revealed three distinct but interconnected issues: Architecture Conflict (Circular Dependency): A recursive dependency loop was identified between AntiFraudService and MultiplierService . Both services were attempting to perform constructor-level injection of one another via the TypeDI container. This led to a CannotInjectValueError, preventing the Dependency Injection (DI) container from resolving the service tree, effectively crashing the runtime. Strict-Fraud Algorithmic Over-Sensitivity: The StrictFraudService utilized a static 85% similarity threshold for OCR text and visual dHash comparison. This global policy failed to account for Power Users (Whales) who legitimately visit the same merchants (e.g., daily supermarket visits). These users' receipts share identical document headers, footers, and layouts, which were incorrectly flagged as Replay Attacks by our heuristic engine. Zombie Process Port Locking: Due to the abrupt Nature of the crashes, a zombie Node.js process remained active.
Investigating
We are currently investigating reports of intermittent backend service crashes causing 500 Internal Server Error during receipt submissions. Additionally, we have noted an elevated rate of submission rejections affecting high-tier users. Our engineering team is currently auditing the service container initialization logs and OCR validation outputs.