fix: prevent multiple calls to request refund [sup-9336]

src/interfaces/ISuperformRouterPlusAsync.sol

@@ -44,6 +44,9 @@ interface ISuperformRouterPlusAsync is IBaseSuperformRouterPlus {
         uint256 newOutputAmount, uint256 expectedOutputAmount, uint256 userSlippage
     );
 
+    /// @notice thrown if the refund is already requested
+    error REFUND_ALREADY_REQUESTED();
+
     /// @notice thrown to avoid processing the same rebalance payload twice
     error REBALANCE_ALREADY_PROCESSED();
 

src/router-plus/SuperformRouterPlusAsync.sol

@@ -430,6 +430,8 @@ contract SuperformRouterPlusAsync is ISuperformRouterPlusAsync, BaseSuperformRou
     function requestRefund(uint256 routerPlusPayloadId_, uint256 requestedAmount) external {
         Refund memory r = refunds[routerPlusPayloadId_];
 
+        if (r.amount != 0) revert REFUND_ALREADY_REQUESTED();
+
         if (msg.sender != r.receiver) revert INVALID_REQUESTER();
         if (r.interimToken == address(0)) revert INVALID_REFUND_DATA();
 

test/unit/router-plus/SuperformRouterPlus.t.sol

@@ -2494,6 +2494,10 @@ contract SuperformRouterPlusTest is ProtocolActions {
         (, address refundToken,) = SuperformRouterPlusAsync(ROUTER_PLUS_ASYNC_SOURCE).refunds(1);
         assertEq(refundToken, address(args.interimAsset));
 
+        // @dev testing refund already requested
+        vm.expectRevert(ISuperformRouterPlusAsync.REFUND_ALREADY_REQUESTED.selector);
+        SuperformRouterPlusAsync(ROUTER_PLUS_ASYNC_SOURCE).requestRefund(1, 100);
+
         // Step 6: Approve refund
 
         /// @dev testing invalid approver (not core state registry)