Skip to content

#633 Add factory min/max rate-per-second policy enforcement in fluxor…#711

Merged
Jagadeeshftw merged 2 commits into
Fluxora-Org:mainfrom
felladaniel36-hash:#633-Add-factory-min/max-rate-per-second-policy-enforcement-in-fluxora_factory--create_stream-FIX
Jun 24, 2026
Merged

#633 Add factory min/max rate-per-second policy enforcement in fluxor…#711
Jagadeeshftw merged 2 commits into
Fluxora-Org:mainfrom
felladaniel36-hash:#633-Add-factory-min/max-rate-per-second-policy-enforcement-in-fluxora_factory--create_stream-FIX

Conversation

@felladaniel36-hash

@felladaniel36-hash felladaniel36-hash commented Jun 23, 2026

Copy link
Copy Markdown
Contributor

Description

This PR introduces optional MinRatePerSecond and MaxRatePerSecond policy bounds to the FluxoraFactory. Treasury administrators are now able to enforce rate-per-second limits on streams created through the factory, alongside the existing deposit cap and minimum duration controls.

The new policy checks are enforced within create_stream before the cross-contract call to fluxora_stream. This prevents allowlisted recipients from creating streams that drain funds at rates exceeding treasury-defined limits.

When no rate bounds are configured, behavior remains unchanged, ensuring full backward compatibility.

Type of Change

• Bug fix (non-breaking issue resolution)
• New feature (non-breaking functionality addition)

Related Issues

Closes: Factory rate bounds enforcement.

Changes Made

• Added MinRatePerSecond and MaxRatePerSecond storage keys to factory instance storage.
• Added an admin-only set_rate_bounds(min: Option, max: Option) function.
• Added validation to ensure 0 ≤ min ≤ max when both values are provided.
• Added new error types:

  • FactoryError::RateBelowMin
  • FactoryError::RateAboveMax
    • Added rate-bound validation within create_stream before any cross-contract interaction.
    • Added documentation describing rate-bound behavior, validation rules, and security assumptions.
    • Updated guard-ordering documentation to include the new rate validation step.

Snapshot Tests

No snapshot files were modified.

Testing

Test Coverage

• All existing tests continue to pass because rate limits are optional.
• Added tests covering:

  • Rate exactly at minimum bound
  • Rate exactly at maximum bound
  • Rate above maximum bound
  • Unset bounds behavior
    • Test coverage remains above 95%.

Manual Testing

• Verified edge cases, including:

  • Rates exactly matching configured bounds
  • Unset rate bounds
  • Rejection of invalid negative values in the setter
    • Verified error handling for:
  • RateBelowMin
  • RateAboveMax

Documentation

• Added and updated code comments, including detailed documentation for set_rate_bounds and rate-bound behavior.
• Updated docs/factory.md with a dedicated rate-bound policy section.

Security Considerations

• No new security concerns introduced.
• Verified authorization controls through require_admin on set_rate_bounds.
• Added validation to enforce non-negative values and proper min/max ordering.
• Reviewed error handling paths.
• Confirmed rate validation occurs before the cross-contract call and cannot be bypassed through the factory.

Checklist

• Code follows project style guidelines.
• Self-review completed.
• Complex logic documented with comments.
• Documentation updated.
• No new warnings introduced.
• Tests added to validate functionality.
• New and existing tests pass locally.
• Dependent changes have been merged and published.

Additional Notes

Rate bounds provide an additional treasury-level safety layer on top of the stream contract's existing MAX_RATE_PER_SECOND protection. Direct interactions with the stream contract remain intentionally outside the scope of this change and continue to be supported.

Reviewer Checklist

• Review code quality and style.
• Verify test coverage.
• Confirm documentation completeness.
• Review any snapshot-related impacts.
• Assess security implications.
• Confirm any breaking changes are documented.

CLOSE #633

@drips-wave

drips-wave Bot commented Jun 23, 2026

Copy link
Copy Markdown

@felladaniel36-hash Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

# Conflicts:
#	contracts/factory/src/lib.rs
@Jagadeeshftw Jagadeeshftw merged commit 6ca3428 into Fluxora-Org:main Jun 24, 2026
0 of 2 checks passed
@Jagadeeshftw

Copy link
Copy Markdown
Contributor

rate-per-second bounds enforced as guard 6 in create_stream rounds out the policy story nicely. heads up: i rebased this onto main after #710 landed, the create_stream guard chain collided with the new cap/min_duration validators so i combined both sides by hand, kept your pause guard, rate-bound checks and the FactoryStreamIds registry append alongside the new InvalidCap/InvalidMinDuration validation (renumbered those two error variants to 14/15 to avoid clashing with your 9-13). builds clean against fluxora_factory.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add factory min/max rate-per-second policy enforcement in fluxora_factory::create_stream

3 participants