Question
Design a P2P money transfer system in which debiting the sender and crediting the recipient are handled by two separate account services (different shards/DBs), the same request can arrive twice (client retry), and either service can be briefly unavailable. Target load: ~12,000 transfers/sec. Requirements: money is conserved (never created or destroyed), a retried request moves money at most once, and a transfer that cannot complete leaves both accounts in a consistent state (no money stuck 'in flight'). How do you guarantee atomicity and idempotency across the two services?
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts (data model, bottlenecks, consistency, failure modes) and name the trade-offs you are making.