Add CPU-instruction budget guard around resolve_market and distribute_payouts hot path #599

Description

@greatest0fallt1me

resolve_market and distribute_payouts iterate over per-user stakes and emit several events. As markets grow we risk exceeding Soroban's per-transaction CPU-instruction budget. We need a measured budget guard that aborts gracefully with a typed error before the host runs out of resources.

Requirements and Context

  • Read the current instruction budget via env.budget().cpu_instruction_cost() style calls at well-defined checkpoints
  • Add a BudgetGuard helper in gas.rs that records pre/post-call cost and short-circuits with Error::OperationWouldExceedBudget if remaining < configured threshold
  • Wire the guard into MarketResolutionManager::resolve_market and the distribute_payouts loop in lib.rs
  • Must be secure, tested, and documented
  • Should be efficient and easy to review

Suggested Execution

  1. Fork the repo and create a branch
    git checkout -b feat/cpu-instruction-budget-guard
  2. Implement changes
    • contracts/predictify-hybrid/src/gas.rs
    • contracts/predictify-hybrid/src/resolution.rs
    • contracts/predictify-hybrid/src/lib.rs (call sites)
    • contracts/predictify-hybrid/src/err.rs (new OperationWouldExceedBudget variant)
  3. Test and commit
    • cargo test -p predictify-hybrid budget_guard -- --nocapture
    • Cover edge cases: tiny budget, huge winner set, single winner
    • Include test output and notes in the PR

Example commit message

feat: enforce per-transaction CPU-instruction budget guard in resolution path

Acceptance Criteria

  • BudgetGuard documented with /// rustdoc and used at >= 3 hot-path call sites
  • New error variant emitted via events::ErrorLoggedEvent for client visibility
  • Unit test reproduces an abort with a synthetic low budget
  • No unwrap() on Result from budget queries

Guidelines

  • Validate auth and storage TTL assumptions remain intact when aborting mid-payout
  • Minimum 95% coverage of new branches
  • Clear documentation and inline comments
  • Timeframe: 96 hours
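
One way the guard requested above could be shaped, as an added example that is not code from the predictify-hybrid repository or from the issue author. It runs without soroban-sdk: CpuMeter, FakeMeter, Error::BudgetQueryFailed and the distribute function are hypothetical names, and the meter stands in for whatever call supplies the consumed instruction count.

```rust
// Added example (not project code): stand-alone model, no soroban-sdk dependency.
use std::cell::Cell;
#[derive(Debug, PartialEq)]
pub enum Error {
    OperationWouldExceedBudget,
    BudgetQueryFailed, // hypothetical: the cost query itself failed
}

/// Hypothetical stand-in for the host's CPU-instruction counter.
pub trait CpuMeter { fn consumed(&self) -> Result<u64, Error>; }

/// Short-circuits once fewer than `threshold` instructions remain of `limit`.
pub struct BudgetGuard<'a, M: CpuMeter> { meter: &'a M, limit: u64, threshold: u64 }

impl<'a, M: CpuMeter> BudgetGuard<'a, M> {
    pub fn new(meter: &'a M, limit: u64, threshold: u64) -> Self {
        Self { meter, limit, threshold }
    }
    /// Checkpoint: remaining instructions, or a typed error.
    pub fn checkpoint(&self) -> Result<u64, Error> {
        let used = self.meter.consumed()?; // propagate, never unwrap()
        let remaining = self.limit.saturating_sub(used); // no underflow if already over
        if remaining < self.threshold {
            return Err(Error::OperationWouldExceedBudget);
        }
        Ok(remaining)
    }
}

/// Constructed meter: the caller decides what each payout costs.
pub struct FakeMeter(pub Cell<u64>);
impl CpuMeter for FakeMeter {
    fn consumed(&self) -> Result<u64, Error> { Ok(self.0.get()) }
}

/// Checks the guard before each payout; Err carries the index of the first unpaid winner.
pub fn distribute(m: &FakeMeter, winners: usize, cost_each: u64,
                  limit: u64, threshold: u64) -> Result<usize, (usize, Error)> {
    let guard = BudgetGuard::new(m, limit, threshold);
    for i in 0..winners {
        guard.checkpoint().map_err(|e| (i, e))?;
        m.0.set(m.0.get().saturating_add(cost_each)); // simulated payout work
    }
    Ok(winners)
}

fn main() {
    println!("{:?}", distribute(&FakeMeter(Cell::new(0)), 50, 100, 1000, 150));
}
```

The three calls in the test correspond to the edge cases listed in the issue: single winner, huge winner set, and tiny budget.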

Metadata

Labels

  • GRANTFOX OSS: GrantFox open-source campaign task
  • MAYBE REWARDED: May be rewarded under the GrantFox campaign
  • OFFICIAL CAMPAIGN: Official GrantFox campaign issue
  • Stellar Wave: Issues in the Stellar wave program
  • enhancement: New feature or improvement
  • rust: Rust implementation
  • smart-contract: Soroban smart-contract work
  • soroban: Soroban SDK / Stellar
