feat: add rolling-window withdrawal rate limit to treasury #336

Merged: OxDev-max merged 2 commits into OpenLedger-Foundation:main from Inkman007:feature/treasury-withdrawal-rate-limit on Jun 28, 2026

Conversation

@Inkman007 (Contributor)
Protect treasury against single-key drain by introducing a per-24h rolling-window withdrawal cap. Both withdraw() and emergency_withdraw() now enforce the cap; the cap itself is protected by a 24 h timelock so it cannot be raised immediately after a compromise.

  • Add WithdrawalCap / EpochStart / EpochWithdrawn / WithdrawalCapProposal DataKey variants (and WithdrawalLock to fix pre-existing compile error)
  • Add EPOCH_DURATION = 86_400 s constant
  • enforce_rate_limit(): resets epoch counter after 24 h, rejects when EpochWithdrawn + amount > WithdrawalCap (cap = 0 means uncapped)
  • record_withdrawal(): persists running total for the current epoch
  • propose_withdrawal_cap() + execute_withdrawal_cap() (24 h timelock)
  • get_withdrawal_cap() view
  • Add WithdrawalRateLimitExceeded / WithdrawalCapTimelockNotElapsed / NoCapChangeProposed errors to KoraError
  • Add withdrawal_cap_proposed / withdrawal_cap_updated events

Closes #225

Protect treasury against single-key drain by introducing a per-24h
rolling-window withdrawal cap. Both withdraw() and emergency_withdraw()
now enforce the cap; the cap itself is protected by a 24 h timelock so
it cannot be raised immediately after a compromise.

- Add WithdrawalCap / EpochStart / EpochWithdrawn / WithdrawalCapProposal
  DataKey variants (and WithdrawalLock to fix pre-existing compile error)
- Add EPOCH_DURATION = 86_400 s constant
- enforce_rate_limit(): resets epoch counter after 24 h, rejects when
  EpochWithdrawn + amount > WithdrawalCap (cap = 0 means uncapped)
- record_withdrawal(): persists running total for the current epoch
- propose_withdrawal_cap() + execute_withdrawal_cap() (24 h timelock)
- get_withdrawal_cap() view
- Add WithdrawalRateLimitExceeded / WithdrawalCapTimelockNotElapsed /
  NoCapChangeProposed errors to KoraError
- Add withdrawal_cap_proposed / withdrawal_cap_updated events

Closes OpenLedger-Foundation#225
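A plain-Rust model of the rate limit and timelock the PR description lays out, written as an added example for this page rather than taken from the PR: it drops the Soroban SDK, keeps the storage keys as struct fields and passes the ledger timestamp in as `now`. The `i128` amount type and the `(cap, proposed_at)` shape of the proposal are assumptions.

```rust
// Added example, not the PR's code: the 24 h withdrawal cap and the timelocked
// cap change in plain Rust (no Soroban SDK); `now` stands in for the ledger time.
pub const EPOCH_DURATION: u64 = 86_400; // seconds, as in the PR

#[derive(Debug, PartialEq)]
pub enum KoraError { WithdrawalRateLimitExceeded, WithdrawalCapTimelockNotElapsed, NoCapChangeProposed }

#[derive(Default)]
pub struct Treasury {
    pub withdrawal_cap: i128,              // 0 means uncapped (i128 amounts assumed)
    pub epoch_start: u64,                  // ledger time the current window opened
    pub epoch_withdrawn: i128,             // running total for the current window
    pub cap_proposal: Option<(i128, u64)>, // (proposed cap, proposed_at); shape assumed
}

impl Treasury {
    // Open a new window after 24 h, then reject if the window total would pass the cap; an overflowing total counts as exceeding it.
    pub fn enforce_rate_limit(&mut self, now: u64, amount: i128) -> Result<(), KoraError> {
        if now >= self.epoch_start + EPOCH_DURATION {
            self.epoch_start = now;
            self.epoch_withdrawn = 0;
        }
        let total = self.epoch_withdrawn.checked_add(amount).ok_or(KoraError::WithdrawalRateLimitExceeded)?;
        if self.withdrawal_cap != 0 && total > self.withdrawal_cap {
            return Err(KoraError::WithdrawalRateLimitExceeded);
        }
        Ok(())
    }

    pub fn record_withdrawal(&mut self, amount: i128) { self.epoch_withdrawn += amount; }

    // withdraw() and emergency_withdraw() both run this check-then-record pair.
    pub fn withdraw(&mut self, now: u64, amount: i128) -> Result<(), KoraError> {
        self.enforce_rate_limit(now, amount)?;
        self.record_withdrawal(amount);
        Ok(())
    }
    pub fn propose_withdrawal_cap(&mut self, now: u64, new_cap: i128) { self.cap_proposal = Some((new_cap, now)); }

    // A proposed cap takes effect only 24 h later, so a key compromised today cannot lift the cap today.
    pub fn execute_withdrawal_cap(&mut self, now: u64) -> Result<i128, KoraError> {
        let (new_cap, proposed_at) = self.cap_proposal.ok_or(KoraError::NoCapChangeProposed)?;
        if now < proposed_at + EPOCH_DURATION {
            return Err(KoraError::WithdrawalCapTimelockNotElapsed);
        }
        self.withdrawal_cap = new_cap;
        self.cap_proposal = None;
        Ok(new_cap)
    }
}
```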
@drips-wave (Bot) commented Jun 28, 2026


@Inkman007 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀


@OxDev-max OxDev-max merged commit 8daf306 into OpenLedger-Foundation:main Jun 28, 2026
1 check failed

Development

Successfully merging this pull request may close these issues: Implement withdrawal rate-limiting in treasury