[PR #38] p2: executeOperation sanity guards (asset/debt mismatch, amount/repay mismatch) have no tests

[obchain]

Summary

executeOperation contains two require statements that fire after the security gates and parameter decode:

require(asset == p.debtToken, "asset/debt mismatch");
require(amount == p.repayAmount, "amount/repay mismatch");

No test in CharonLiquidator.t.sol exercises either of these guards. These checks are the defense against a scenario where the flash-loan terms handed back by Aave differ from what was encoded in params — either through a misconfigured call or a pool-side discrepancy.

Location

contracts/src/CharonLiquidator.sol — executeOperation steps b1 and b2
contracts/test/CharonLiquidator.t.sol — no test covering these paths

Fix

Add two tests in Section A or a new Section A.2:

1. Prank as STUB_POOL, pass initiator = address(liquidator), set asset to a different address than the debtToken in encoded params. Expect revert "asset/debt mismatch".
2. Same setup but pass amount different from repayAmount in encoded params. Expect revert "amount/repay mismatch".

Note: these tests require a liquidator deployed with STUB_POOL as the Aave pool so the msg.sender == AAVE_POOL gate passes.

Refs #38

[obchain]

Fixed via commit 6447016. Two new tests pin the sanity checks:

• test_executeOperation_revertsOnAssetDebtMismatch passes a wrong asset address and asserts revert asset/debt mismatch.
• test_executeOperation_revertsOnAmountRepayMismatch passes a mismatched amount and asserts revert amount/repay mismatch.
  Both tests prank the configured pool as msg.sender with the correct initiator so the access-control gates pass first and the target requires are the reached revert.