Add property-based fuzz tests for commitment_core fee and value arithmetic #486

@1nonlypiece

📌 Description

commitment_core ships fuzzing.rs, fuzz_tests.rs, and uses
fuzzing::checked_fee_from_bps, but coverage does not yet property-test the full
invariant net_amount = amount - fee and 0 ≤ fee ≤ amount across the entire i128
input domain, including the duplicate fee-computation block in create_commitment.

This issue adds property-based fuzz tests for the fee/value arithmetic.

🎯 Requirements and Context

  • Property: for all amount ≥ 0 and bps ∈ 0..=10000, checked_fee_from_bps never overflows and fee ≤ amount.
  • Property: net_amount + fee == amount exactly (no value created/destroyed).
  • Include the i128::MAX-adjacent inputs and bps = 10000 boundary.
  • Reuse the existing fuzzing harness; keep runs deterministic for CI.

🛠️ Suggested Execution

1. Fork the repo and create a branch

git checkout -b test/core-fee-fuzz

2. Implement changes

  • Extend contracts/commitment_core/src/fuzz_tests.rs and fuzzing.rs.
  • Document properties in docs/SECURITY_AUDIT_PREP.md.

3. Test and commit

  • Run: cargo test --target wasm32v1-none --release
  • Edge cases: amount=0, bps=0, bps=10000, near-i128::MAX, overflow attempt.

Example commit message

test: property-based fuzzing for core fee/value arithmetic

✅ Guidelines

  • Minimum 95% test coverage on the fee paths.
  • Document the invariants asserted.
  • Timeframe: 96 hours.

🏷️ Labels

type-testing · type-security · area-contracts · MAYBE REWARDED · GRANTFOX OSS · OFFICIAL CAMPAIGN

💬 Community & Support

  • Join the CommitLabs contributor Discord to coordinate and get unblocked fast: https://discord.gg/WV7tdYkJk
  • Introduce yourself before starting to avoid duplicate work.
  • Maintainers triage actively and review fast.
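
The two properties listed under Requirements, as an added Rust example that is not part of the original issue or the project's code: `fee_model` is a hypothetical stand-in for `checked_fee_from_bps` (whose source is not shown on this page), and the fixed-seed splitmix64 generator is one assumed way to keep runs deterministic for CI. It also cross-checks the model against the naive `amount * bps / 10_000` wherever that product fits in i128, the kind of differential check that catches two fee-computation blocks drifting apart.

```rust
// Added example: fee_model is a stand-in, NOT the project's checked_fee_from_bps.
const BPS_MAX: u32 = 10_000;

// floor(amount * bps / 10_000) without forming amount * bps (overflows near i128::MAX).
fn fee_model(amount: i128, bps: u32) -> Option<i128> {
    if amount < 0 || bps > BPS_MAX { return None; }
    let (d, b) = (BPS_MAX as i128, bps as i128);
    (amount / d).checked_mul(b)?.checked_add((amount % d) * b / d)
}

// splitmix64: a fixed seed yields the same case sequence on every run.
fn next_u64(state: &mut u64) -> u64 {
    *state = state.wrapping_add(0x9E37_79B9_7F4A_7C15);
    let mut z = *state;
    z = (z ^ (z >> 30)).wrapping_mul(0xBF58_476D_1CE4_E5B9);
    z = (z ^ (z >> 27)).wrapping_mul(0x94D0_49BB_1331_11EB);
    z ^ (z >> 31)
}

fn check_case(amount: i128, bps: u32) -> Result<(), String> {
    let fail = |why: &str| Err(format!("{}: amount={} bps={}", why, amount, bps));
    let fee = match fee_model(amount, bps) { Some(f) => f, None => return fail("overflow") };
    if fee < 0 || fee > amount { return fail("fee out of range"); }
    let net = amount - fee; // cannot underflow: 0 <= fee <= amount was just checked
    if net < 0 || net.checked_add(fee) != Some(amount) { return fail("value not conserved"); }
    // Differential oracle: wherever the naive product fits, both formulas must agree.
    if let Some(p) = amount.checked_mul(bps as i128) {
        if p / BPS_MAX as i128 != fee { return fail("disagrees with naive formula"); }
    }
    Ok(())
}

fn run_properties(seed: u64, cases: u32) -> Result<u32, String> {
    let (mut s, mut checked) = (seed, 0);
    for &a in &[0, 1, 9_999, 10_000, i128::MAX - 1, i128::MAX] {
        for &b in &[0, 1, 9_999, BPS_MAX] { check_case(a, b)?; checked += 1; }
    }
    for _ in 0..cases {
        let raw = ((next_u64(&mut s) as u128) << 64) | next_u64(&mut s) as u128;
        // Shift of 1..=127 clears the sign bit and spreads amounts over all magnitudes.
        let amount = (raw >> (1 + next_u64(&mut s) % 127)) as i128;
        check_case(amount, (next_u64(&mut s) % 10_001) as u32)?;
        checked += 1;
    }
    Ok(checked)
}

fn main() { println!("{:?}", run_properties(0x5EED, 100_000)); }
```

A failing case is returned as a string naming the violated property with its `amount` and `bps`, so it can be replayed as a fixed regression test.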
