Skip to content

feat: implement withdrawal rate limiting to prevent flash loan exploits#171

Open
Ryjen1 wants to merge 2 commits into
Heliobond:mainfrom
BuildersWCT:fix/withdrawal-rate-limiting
Open

feat: implement withdrawal rate limiting to prevent flash loan exploits#171
Ryjen1 wants to merge 2 commits into
Heliobond:mainfrom
BuildersWCT:fix/withdrawal-rate-limiting

Conversation

@Ryjen1

@Ryjen1 Ryjen1 commented Jul 2, 2026

Copy link
Copy Markdown

Closes #16

@drips-wave

drips-wave Bot commented Jul 2, 2026

Copy link
Copy Markdown

@Ryjen1 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

…ts (Heliobond#16)

- Add VaultError::DepositLocked (error code 36) to types.rs
- Add VaultKey::LastDeposit(Address) persistent storage key to types.rs
- Implement lock_deposit() and check_deposit_lock() helpers in lib.rs
- Integrate lock_deposit in deposit(), bridge_mint(), wormhole_complete_transfer(), and FungibleToken::transfer()
- Integrate check_deposit_lock in withdraw() to enforce minimum 1-ledger gap
- Add 3 dedicated rate-limiting unit tests (same-ledger panic, next-ledger success, transfer-locked panic)
- Update all existing tests to advance ledger sequence_number between deposit and withdraw
- Update project_registry integration test similarly
- Update test snapshots to reflect new storage state (LastDeposit key)
@Ryjen1 Ryjen1 force-pushed the fix/withdrawal-rate-limiting branch from 6968c7d to 3ec432c Compare July 2, 2026 09:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[Security] Implement withdrawal rate limiting to prevent flash loan attacks

1 participant