Description
There is currently no client-side rate limiting on stream creation. A malicious user (or buggy script) could rapidly fire hundreds of `create_stream` transactions, spamming the contract's index storage and potentially degrading RPC performance.
While the Stellar network itself has base fee and sequence number constraints, adding frontend rate limiting provides an additional layer of defense and better UX (prevents accidental double-submissions).
Proposed Solution
- Debounce the "Create Stream" button — disable it for 5 seconds after a successful submission
- Track creation count per session — warn after 10 streams in a 5-minute window
- Add a confirmation dialog for batch creation of more than 20 streams
- Use `AbortController` to prevent duplicate in-flight transactions
Acceptance Criteria
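The four proposed measures combined in one guard object, added here as an example and not code from the project; `StreamCreationGuard`, `submitFn` and `confirmFn` are hypothetical names, and the clock is injectable so the timing rules can be tested. The guard runs only in the browser tab, so it covers double-clicks and runaway UI loops; a script that talks to the RPC endpoint directly never executes it.

```javascript
// Added example. StreamCreationGuard, submitFn and confirmFn are hypothetical names.
const COOLDOWN_MS = 5_000;      // button stays disabled this long after a success
const WINDOW_MS = 5 * 60_000;   // per-session tracking window
const WARN_AFTER = 10;          // warn once this many streams fall inside the window
const BATCH_CONFIRM_OVER = 20;  // batches larger than this need confirmation

class StreamCreationGuard {
  constructor({ now = Date.now, confirmFn = async () => false } = {}) {
    this.now = now;             // injectable clock
    this.confirmFn = confirmFn; // shows the dialog, resolves true/false
    this.created = [];          // timestamps of successful creations
    this.inFlight = null;       // AbortController of the pending submission
    this.cooldownUntil = 0;
  }

  recentCount() {
    const cutoff = this.now() - WINDOW_MS;
    this.created = this.created.filter((t) => t > cutoff);
    return this.created.length;
  }

  // submitFn(signal) builds, signs and sends the transaction(s) and honours signal.
  async submit(submitFn, batchSize = 1) {
    if (this.inFlight) return { status: "blocked", reason: "in-flight" };
    if (this.now() < this.cooldownUntil) return { status: "blocked", reason: "cooldown" };
    // Claim the slot before any await so a second click cannot slip past.
    this.inFlight = new AbortController();
    try {
      if (batchSize > BATCH_CONFIRM_OVER && !(await this.confirmFn(batchSize))) {
        return { status: "blocked", reason: "batch-not-confirmed" };
      }
      const result = await submitFn(this.inFlight.signal);
      const t = this.now();
      for (let i = 0; i < batchSize; i++) this.created.push(t);
      this.cooldownUntil = t + COOLDOWN_MS;
      return { status: "ok", result, warn: this.recentCount() >= WARN_AFTER };
    } finally {
      this.inFlight = null;     // a failed or aborted attempt starts no cooldown
    }
  }

  cancel() {                    // e.g. when the form unmounts
    if (this.inFlight) this.inFlight.abort();
  }
}
```

The UI binds the button's disabled state to the `blocked` results and shows the session warning when `warn` is true.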