Suggest: use crypto/rand instead of math/rand in SVM facilitator #1845
Description
Summary
The SVM facilitator modules use math/rand for selecting fee payer addresses. Since Go 1.20+, math/rand is auto-seeded, so this works correctly — but crypto/rand (or math/rand/v2 with a crypto source) is the idiomatic choice for financial infrastructure code.
Affected files
go/mechanisms/svm/exact/facilitator/scheme.go(L7, L58)go/mechanisms/svm/exact/v1/facilitator/scheme.go(L8, L59)
Both import math/rand and use rand.Intn(len(addresses)) in GetExtra() to randomly select a fee payer address for load distribution.
Context
The client-side code (exact/client/scheme.go, exact/v1/client/scheme.go) already uses crypto/rand for memo nonce generation — so the codebase is already aware of the distinction. Aligning the facilitator code would make the usage consistent across the Go SDK.
Suggested change
// Before
import "math/rand"
randomIndex := rand.Intn(len(addresses))
// After — option A: crypto/rand
import "crypto/rand"
import "math/big"
n, _ := rand.Int(rand.Reader, big.NewInt(int64(len(addresses))))
randomIndex := int(n.Int64())
// After — option B: math/rand/v2 with crypto source (Go 1.22+)
import "math/rand/v2"
randomIndex := rand.IntN(len(addresses))Option B is the simplest if your minimum Go version is 1.22+, since math/rand/v2 uses a crypto-quality source by default.
Happy to open a PR if this aligns with your preferences.