# Issue 23: Add Rate Limiting and Throttle Checks
## Problem
No protection against spam. A malicious actor could repeatedly call operations to exhaust resources.
## Solution
- Implement `RateLimit { calls_per_minute: u32, calls_per_hour: u32 }` config
- Track call counts per caller in contract state
- Return `RateLimitExceeded` error when limit violated
- Add configurable rate limit policy per operation type
## Implementation Tasks
- `set_rate_limit(operation, limit)` (admin only)
## Note for Contributors
This is a spam and resource protection feature for production robustness. Implement per-caller rate limits to prevent any single address from exhausting contract resources. Support multiple limit types: calls per minute, calls per hour, calls per day. Use timestamp-based bucketing (e.g., bucket = timestamp / 60 for per-minute). Store call counts per caller per bucket. Check limits at the start of expensive operations: record_token, record_vote, record_ballot. Admin can configure rate limits per operation. Default limits should be generous (e.g., 100 calls/minute) to avoid blocking legitimate usage. Return RateLimitExceeded error with cooldown info. Consider gradual backoff instead of hard blocking (out of scope for MVP). Emit rate limit events for monitoring. Ensure rate limit logic is efficient to avoid gas exhaustion in the check itself.
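
A sketch of the timestamp-bucketed check described in the note, added here as an illustration and not taken from the project's code. It assumes a `HashMap` in place of contract state, covers only the per-minute and per-hour windows, and the names `Limiter`, `check_and_record`, `prune` and `retry_after_secs` are hypothetical.

```rust
use std::collections::HashMap;

#[derive(Clone, Copy)]
pub struct RateLimit { pub calls_per_minute: u32, pub calls_per_hour: u32 }

#[derive(Debug, PartialEq)]
pub enum Error { RateLimitExceeded { retry_after_secs: u64 } }

// Key: (caller, operation, window length in seconds, bucket index).
type Key = (String, &'static str, u64, u64);

// Assumption: a HashMap stands in for the contract's persistent state.
#[derive(Default)]
pub struct Limiter { counts: HashMap<Key, u32> }

impl Limiter {
    /// Checks every window before recording, so a rejected call never
    /// consumes quota in a window that still had room.
    pub fn check_and_record(&mut self, caller: &str, op: &'static str,
                            now: u64, limit: RateLimit) -> Result<(), Error> {
        let windows = [(60u64, limit.calls_per_minute), (3600u64, limit.calls_per_hour)];
        let mut retry_after = 0u64;
        for (len, max) in windows {
            let key = (caller.to_string(), op, len, now / len);
            if self.counts.get(&key).copied().unwrap_or(0) >= max {
                // Cooldown info: seconds until this bucket rolls over.
                retry_after = retry_after.max(len - now % len);
            }
        }
        if retry_after > 0 {
            return Err(Error::RateLimitExceeded { retry_after_secs: retry_after });
        }
        for (len, _) in windows {
            *self.counts.entry((caller.to_string(), op, len, now / len)).or_insert(0) += 1;
        }
        Ok(())
    }
    /// Drops buckets older than the current one so stored state stays bounded.
    pub fn prune(&mut self, now: u64) {
        self.counts.retain(|(_, _, len, bucket), _| *bucket >= now / *len);
    }
}

fn main() {
    let mut l = Limiter::default();
    let lim = RateLimit { calls_per_minute: 2, calls_per_hour: 3 }; // constructed sample limits
    for t in [120u64, 121, 122, 180, 181] {
        println!("t={}: {:?}", t, l.check_and_record("addr_a", "record_vote", t, lim));
    }
}
```

Fixed buckets allow up to twice the configured limit across a bucket boundary (a full quota at the end of one bucket and another at the start of the next), which is worth accounting for when choosing defaults.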