#633 Add factory min/max rate-per-second policy enforcement in fluxor…#711
Conversation
…t in fluxora_factory::create_stream FIXED
|
@felladaniel36-hash Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀 |
# Conflicts: # contracts/factory/src/lib.rs
|
rate-per-second bounds enforced as guard 6 in create_stream rounds out the policy story nicely. heads up: i rebased this onto main after #710 landed, the create_stream guard chain collided with the new cap/min_duration validators so i combined both sides by hand, kept your pause guard, rate-bound checks and the FactoryStreamIds registry append alongside the new InvalidCap/InvalidMinDuration validation (renumbered those two error variants to 14/15 to avoid clashing with your 9-13). builds clean against fluxora_factory. |
Description
This PR introduces optional MinRatePerSecond and MaxRatePerSecond policy bounds to the FluxoraFactory. Treasury administrators are now able to enforce rate-per-second limits on streams created through the factory, alongside the existing deposit cap and minimum duration controls.
The new policy checks are enforced within create_stream before the cross-contract call to fluxora_stream. This prevents allowlisted recipients from creating streams that drain funds at rates exceeding treasury-defined limits.
When no rate bounds are configured, behavior remains unchanged, ensuring full backward compatibility.
Type of Change
• Bug fix (non-breaking issue resolution)
• New feature (non-breaking functionality addition)
Related Issues
Closes: Factory rate bounds enforcement.
Changes Made
• Added MinRatePerSecond and MaxRatePerSecond storage keys to factory instance storage.
• Added an admin-only set_rate_bounds(min: Option, max: Option) function.
• Added validation to ensure 0 ≤ min ≤ max when both values are provided.
• Added new error types:
• Added rate-bound validation within create_stream before any cross-contract interaction.
• Added documentation describing rate-bound behavior, validation rules, and security assumptions.
• Updated guard-ordering documentation to include the new rate validation step.
Snapshot Tests
No snapshot files were modified.
Testing
Test Coverage
• All existing tests continue to pass because rate limits are optional.
• Added tests covering:
• Test coverage remains above 95%.
Manual Testing
• Verified edge cases, including:
• Verified error handling for:
Documentation
• Added and updated code comments, including detailed documentation for set_rate_bounds and rate-bound behavior.
• Updated docs/factory.md with a dedicated rate-bound policy section.
Security Considerations
• No new security concerns introduced.
• Verified authorization controls through require_admin on set_rate_bounds.
• Added validation to enforce non-negative values and proper min/max ordering.
• Reviewed error handling paths.
• Confirmed rate validation occurs before the cross-contract call and cannot be bypassed through the factory.
Checklist
• Code follows project style guidelines.
• Self-review completed.
• Complex logic documented with comments.
• Documentation updated.
• No new warnings introduced.
• Tests added to validate functionality.
• New and existing tests pass locally.
• Dependent changes have been merged and published.
Additional Notes
Rate bounds provide an additional treasury-level safety layer on top of the stream contract's existing MAX_RATE_PER_SECOND protection. Direct interactions with the stream contract remain intentionally outside the scope of this change and continue to be supported.
Reviewer Checklist
• Review code quality and style.
• Verify test coverage.
• Confirm documentation completeness.
• Review any snapshot-related impacts.
• Assess security implications.
• Confirm any breaking changes are documented.
CLOSE #633