feat: implementing verify_ledger_age and Prevent Flash Donations#139
Open
Codekill33 wants to merge 1 commit intoWeb3Novalabs:mainfrom
Open
feat: implementing verify_ledger_age and Prevent Flash Donations#139Codekill33 wants to merge 1 commit intoWeb3Novalabs:mainfrom
Codekill33 wants to merge 1 commit intoWeb3Novalabs:mainfrom
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR prevents “flash” donations by ensuring a user cannot donate and withdraw (or request a refund) within the same ledger.
Solution
We now track the ledger number of the user’s most recent donation and block refund/withdraw operations if they occur in the same ledger.
Implementation Details
✅ Store last_donation_ledger for each user at donation time
✅ On refund/withdraw:
Compare current ledger number with last_donation_ledger
Reject transaction if they match
✅ Added validation error with clear failure reason
Requirements Covered
✔ Store the ledger number of the last donation
✔ Ensure refund fails if called in the same ledger as donation
Testing
Added unit tests to verify:
Refund fails when called in the same ledger as donation
Refund succeeds when called in a later ledger
No regression to existing donation/refund logic
Impact
No breaking changes
Minimal storage overhead (single ledger value per user)
Improves economic safety and prevents ledger-level exploitation
closes #99