Skip to content

feat(#635-#638): Security & performance suite — rate guard, sandwich protection, simulation cache, batch health check#657

Open
devonahi wants to merge 5 commits into
Smartdevs17:mainfrom
devonahi:main
Open

feat(#635-#638): Security & performance suite — rate guard, sandwich protection, simulation cache, batch health check#657
devonahi wants to merge 5 commits into
Smartdevs17:mainfrom
devonahi:main

Conversation

@devonahi

@devonahi devonahi commented Jun 30, 2026

Copy link
Copy Markdown

Summary
This PR implements four security and performance enhancements for the StellarLend lending protocol:
Security Features
Closes #638 — Rate Manipulation Detection & Prevention (rate_guard.rs)

  • Monitors per-block rate changes and maintains a TWAP accumulator
  • Alert threshold (10%) emits events; pause threshold (25%) reverts transactions
  • Logs manipulation attempts with address, amount, rate impact, and timestamp
  • Whitelist system for known aggregators to bypass rate checks
  • Dry-run check_rate view for simulation without state changes
    Closes Security: Implement lending pool sandwich attack protection #637 — Sandwich Attack Protection (sandwich_protection.rs)
  • Three protection levels: None, Basic (delay + batch ordering), Max (commit-reveal + delay + batch ordering)
  • Configurable minimum delay between transaction submission and execution
  • Randomized batch execution ordering using cryptographic nonces
  • Commit-reveal scheme for large transactions with configurable expiry
  • Sandwich detection logging with reversal tracking
    Performance Features
    Closes Perf: Add transaction simulation cache for common pool operations #636 — Transaction Simulation Cache (simulation_cache.rs)
  • Block-scoped LRU cache (default 64 entries) with automatic invalidation on new blocks
  • Cache key: hash of (operation_type, pool, user, asset, amount)
  • Hit/miss/eviction statistics for gas savings monitoring
  • Configurable max entries with LRU eviction
    Closes Perf: Optimize multi-pool health check with batched storage reads #635 — Multi-Pool Batch Health Check (batch_view.rs)
  • BatchView function accepting arrays of (pool, user, asset) tuples
  • Single storage read per position with parallel health computation
  • Pagination support for 100+ positions with offset/limit
  • Aggregate stats: healthy count, liquidatable count, average health factor
  • Batch total value computation for collateral/debt aggregation
    Files Changed
    Layer Files
    Contract rate_guard.rs, sandwich_protection.rs, simulation_cache.rs, batch_view.rs, lib.rs
    Frontend RateManipulationDashboard.tsx, SandwichProtectionUI.tsx, SimulationCacheDashboard.tsx, BatchHealthCheck.tsx
    API Routes rateGuard.routes.ts, sandwich.routes.ts, simCache.routes.ts, batchHealth.routes.ts
    CI security-perf-suite.yml

devonahi added 5 commits June 30, 2026 15:09
…nd prevention

- Add rate_guard.rs with per-block rate change monitoring and TWAP accumulation
- Implement alert (>10%) and pause (>25%) thresholds for rate deviations
- Track rate manipulation attempts with address, amount, and rate impact logging
- Support whitelisting known aggregators to bypass rate checks
- Add dry-run check_rate view for simulation without state changes
- Add frontend RateManipulationDashboard for real-time monitoring
- Add API routes for rate guard config, attempts, TWAP, and whitelist queries
- Add sandwich_protection.rs with commit-reveal scheme for large transactions
- Implement configurable minimum delay between transaction submission and execution
- Add randomized batch execution ordering to prevent transaction reordering
- Support three protection levels: None, Basic, Max
- Track pending transactions with random nonce-based shuffle ordering
- Add sandwich pattern detection and logging with reversal tracking
- Add frontend SandwichProtectionUI for protection level selection
- Add API routes for config, protection level, detections, and execution order
…ol operations

- Add simulation_cache.rs with block-scoped LRU cache (default 64 entries)
- Implement cache key hashing from (operation, pool, user, asset, amount)
- Automatic cache invalidation on new blocks for consistency
- Configurable max entries with LRU eviction for capacity management
- Cache hit/miss/eviction statistics for gas savings monitoring
- Add frontend SimulationCacheDashboard for cache stats and manual lookup
- Add API routes for stats, config, lookup, and cache clear operations
…storage reads

- Add batch_view.rs with BatchView function accepting (pool, user, asset) tuples
- Single storage read to load pool configs for all queried positions
- Parallel health computation with no cross-contract calls between positions
- Pagination support for large queries (100+ positions) with offset/limit
- Aggregate batch stats: healthy count, liquidatable count, avg health factor
- Batch total value computation for aggregate collateral/debt across positions
- Add frontend BatchHealthCheck with multi-position query builder
- Add API routes for health check, total value, and liquidatable filtering
- Register rate_guard, sandwich_protection, simulation_cache, batch_view modules
- Add contract entry points for all new security and performance functions
- Add security-perf-suite.yml CI workflow with lint, build, test, and clippy checks
- Update Cargo.lock for new module dependencies
@vercel

vercel Bot commented Jun 30, 2026

Copy link
Copy Markdown

@devonahi is attempting to deploy a commit to the smartdevs17's projects Team on Vercel.

A member of the Team first needs to authorize it.

@drips-wave

drips-wave Bot commented Jun 30, 2026

Copy link
Copy Markdown

@devonahi Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant