Enforce concentration limit on enabled-but-stale concentration data in report_revenue

[thlpkee20-wq]

Description

report_revenue enforcement reads CurrentConcentration defaulting to 0 when none has ever been reported, so an offering with enforce=true and max_bps>0 will pass enforcement even though concentration is genuinely unknown. Add an option to require a fresh report_concentration (staleness window) before allowing reports when enforcement is on, closing a silent bypass.

Requirements and context

• Must be secure, tested, and documented
• Should be efficient and easy to review
• Relevant code: src/lib.rs (report_revenue concentration branch, report_concentration, set_concentration_limit)
• Track a last-reported timestamp alongside CurrentConcentration

Suggested execution

• Fork the repo and create a branch
• git checkout -b feat/concentration-staleness-guard
• Implement changes
  • Persist a ConcentrationReportedAt timestamp in report_concentration
  • Add an optional max_staleness_secs to ConcentrationLimitConfig or a separate setter
  • In report_revenue, reject with ConcentrationLimitExceeded (or a new error) when data is missing/stale and enforcement is on
• Validate security and correctness assumptions

Test and commit

• Run tests
  • cargo test
• Cover edge cases
  • No prior report, stale report past window, fresh report, enforce off
• Include test output and security notes

Example commit message

feat: reject report_revenue on stale concentration when enforcement enabled

Guidelines

• Minimum 95 percent test coverage
• Clear documentation
• Timeframe: 96 hours

[millicentogalanya]

@millicentogalanya has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

please assign this issue to me, i've worked on something similar and i'll deliver quickly. ETA~5hrs

ℹ️ Repo Maintainers: To accept this application, review their application or assign @millicentogalanya to this issue.

[drips-wave]

Congratulations, @SHEROSE0! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @SHEROSE0: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[Escelit]

@Escelit has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I’d like to work on this issue because it contributes to improving the project's functionality, reliability, and overall user experience. I enjoy working on open-source projects and collaborating with maintainers to deliver clean, maintainable solutions.

I have experience with software development across frontend, backend, testing, and debugging tasks. I’m comfortable working with existing codebases, following project guidelines, writing tests, and ensuring changes are well-documented. I can investigate the current implementation, propose a clear solution, and deliver a high-quality contribution that meets the acceptance criteria.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Escelit to this issue.

[SHEROSE0]

@SHEROSE0 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I am a full-stack developer with 3 years of experience. I can fix this issue and submit it on time

ℹ️ Repo Maintainers: To accept this application, review their application or assign @SHEROSE0 to this issue.

[Hunter-baddie]

@Hunter-baddie has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Can I work on this issue?

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Hunter-baddie to this issue.