security: add storage exhaustion protection with configurable limits (#80) #225
Merged
Haroldwonder merged 4 commits into Haroldwonder:main from Mar 27, 2026
Conversation
…loses Haroldwonder#80)
- Add Error::LimitExceeded (Haroldwonder#10) to types.rs
- Add StorageLimits struct (max_attestations_per_issuer, max_attestations_per_subject) to types.rs
- Add StorageKey::Limits and Storage::set_limits / get_limits helpers to storage.rs (instance storage, defaults: 10000 / 100)
- Add TrustLinkContract::set_limits (admin-only) and get_limits entry points to lib.rs
- Enforce limits in create_attestation and create_attestations_batch before writing to storage
- Fix pre-existing unclosed delimiter in test_has_all_claims_short_circuits_on_first_missing
- Add 6 unit tests covering: default limits, admin set, non-admin rejected, issuer limit, subject limit, batch issuer limit, and limit raise taking effect immediately (93 tests pass)
- Document limits in README with CLI examples
@unixfundz Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits. You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀
Summary
Closes #80
Adds configurable per-issuer and per-subject attestation limits to prevent
malicious actors from exhausting on-chain storage.
Changes
- src/types.rs — new Error::LimitExceeded (code #10) and StorageLimits struct
- src/storage.rs — new StorageKey::Limits variant; Storage::set_limits and Storage::get_limits helpers (instance storage)
- src/lib.rs — limit enforcement in create_attestation and create_attestations_batch; new set_limits (admin-only) and get_limits public entry points
- src/test.rs — 6 new unit tests covering all limit scenarios; also fixed a pre-existing unclosed delimiter in an existing test
- README.md — new Storage Exhaustion Protection section with CLI examples; LimitExceeded added to error table
Default Limits
Acceptance Criteria
- LimitExceeded
- LimitExceeded
- set_limits
- set_limits (returns Unauthorized)
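The following is an added, stand-alone model of the enforcement logic the PR description outlines (per-issuer and per-subject caps checked before any write, an admin-only setter, and batch writes rejected as a whole when they would cross a cap). It is not the TrustLinkContract code from this PR: the real contract lives in soroban_sdk instance storage, while this example uses an in-memory `Contract` struct with `HashMap` counters, a string `admin`, and an `Attestation` shape that are all assumptions. The names `StorageLimits`, `Error::LimitExceeded`, `set_limits`, `get_limits`, `create_attestation`, `create_attestations_batch` and the 10000 / 100 defaults follow the PR text.

```rust
// Added example: in-memory model of the PR's storage-limit checks (not the contract's own code).
use std::collections::HashMap;

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct StorageLimits {
    pub max_attestations_per_issuer: u32,
    pub max_attestations_per_subject: u32,
}

impl Default for StorageLimits {
    // Defaults stated in the PR: 10000 per issuer, 100 per subject.
    fn default() -> Self {
        StorageLimits { max_attestations_per_issuer: 10_000, max_attestations_per_subject: 100 }
    }
}

#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Error {
    Unauthorized,
    LimitExceeded, // listed as error code 10 in the PR
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Attestation { pub issuer: String, pub subject: String, pub claim: String } // assumed shape

/// Assumed in-memory stand-in for the contract's storage; counters avoid scanning all records.
#[derive(Default)]
pub struct Contract {
    admin: String,
    limits: Option<StorageLimits>,
    attestations: Vec<Attestation>,
    per_issuer: HashMap<String, u32>,
    per_subject: HashMap<String, u32>,
}

impl Contract {
    pub fn new(admin: &str) -> Self { Contract { admin: admin.to_string(), ..Default::default() } }

    /// Unset limits fall back to the defaults, mirroring "instance storage, defaults: 10000 / 100".
    pub fn get_limits(&self) -> StorageLimits { self.limits.unwrap_or_default() }

    /// Admin-only; the new values apply to the very next write.
    pub fn set_limits(&mut self, caller: &str, limits: StorageLimits) -> Result<(), Error> {
        if caller != self.admin { return Err(Error::Unauthorized); }
        self.limits = Some(limits);
        Ok(())
    }

    fn count_issuer(&self, issuer: &str) -> u32 { *self.per_issuer.get(issuer).unwrap_or(&0) }
    fn count_subject(&self, subject: &str) -> u32 { *self.per_subject.get(subject).unwrap_or(&0) }

    /// Verify that writing one attestation per listed subject keeps every counter within limits.
    fn check_capacity(&self, issuer: &str, subjects: &[&str]) -> Result<(), Error> {
        let limits = self.get_limits();
        let n = subjects.len() as u32;
        // Issuer cap is checked against the whole batch, so a batch cannot sneak past it.
        if self.count_issuer(issuer).saturating_add(n) > limits.max_attestations_per_issuer {
            return Err(Error::LimitExceeded);
        }
        // A subject may repeat inside one batch, so tally per subject before comparing.
        let mut in_batch: HashMap<&str, u32> = HashMap::new();
        for s in subjects { *in_batch.entry(*s).or_insert(0) += 1; }
        for (s, k) in in_batch {
            if self.count_subject(s).saturating_add(k) > limits.max_attestations_per_subject {
                return Err(Error::LimitExceeded);
            }
        }
        Ok(())
    }

    pub fn create_attestation(&mut self, issuer: &str, subject: &str, claim: &str) -> Result<(), Error> {
        self.check_capacity(issuer, &[subject])?; // check before any storage write
        self.write(issuer, subject, claim);
        Ok(())
    }

    /// All-or-nothing: if the batch would exceed a cap, nothing is written.
    pub fn create_attestations_batch(&mut self, issuer: &str, items: &[(&str, &str)]) -> Result<usize, Error> {
        let subjects: Vec<&str> = items.iter().map(|(s, _)| *s).collect();
        self.check_capacity(issuer, &subjects)?;
        for (subject, claim) in items { self.write(issuer, subject, claim); }
        Ok(items.len())
    }

    fn write(&mut self, issuer: &str, subject: &str, claim: &str) {
        self.attestations.push(Attestation {
            issuer: issuer.to_string(), subject: subject.to_string(), claim: claim.to_string(),
        });
        *self.per_issuer.entry(issuer.to_string()).or_insert(0) += 1;
        *self.per_subject.entry(subject.to_string()).or_insert(0) += 1;
    }

    pub fn attestation_count(&self) -> usize { self.attestations.len() }
}

fn main() {
    // Constructed scenario: tight caps so the rejection paths are visible.
    let mut c = Contract::new("admin");
    c.set_limits("admin", StorageLimits { max_attestations_per_issuer: 3, max_attestations_per_subject: 2 }).unwrap();
    println!("{:?}", c.create_attestation("issuer", "alice", "kyc"));
    println!("{:?}", c.create_attestation("issuer", "alice", "age"));
    println!("{:?}", c.create_attestation("issuer", "alice", "residency")); // subject cap hit
    println!("{:?}", c.create_attestations_batch("issuer", &[("bob", "kyc"), ("carol", "kyc")])); // issuer cap hit
    println!("stored: {}", c.attestation_count());
}
```

The two checks worth carrying over to a real contract are that `check_capacity` runs before the first write (so a rejected call leaves storage untouched) and that the batch path counts the entire batch, including repeated subjects, rather than checking items one at a time.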