Add issuer-authorized blacklist size cap enforcement with BlacklistSizeLimitExceeded in blacklist_add

[thlpkee20-wq]

Description

RevoraError::BlacklistSizeLimitExceeded exists but blacklist_add does not appear to enforce a per-offering cap, risking unbounded blacklist growth that degrades gas for get_blacklist and report_revenue (which snapshots the blacklist into events). Add a configurable per-offering maximum and enforce it in blacklist_add.

Requirements and context

• Must be secure, tested, and documented
• Should be efficient and easy to review
• Relevant code: src/lib.rs (blacklist_add, get_blacklist, get_blacklist_size)
• blacklist_add must remain idempotent and only callable by the current issuer

Suggested execution

• Fork the repo and create a branch
• git checkout -b feat/blacklist-size-cap
• Implement changes
  • Add a set_blacklist_size_limit issuer setter and a MAX_BLACKLIST_SIZE ceiling
  • Return BlacklistSizeLimitExceeded from blacklist_add when the cap is reached
  • Skip the count for re-adds (idempotent) so the cap is not falsely triggered
• Validate security and correctness assumptions

Test and commit

• Run tests
  • cargo test
• Cover edge cases
  • Adding at cap, idempotent re-add at cap, removing then re-adding
• Include test output and security notes

Example commit message

feat: enforce per-offering blacklist size cap in blacklist_add

Guidelines

• Minimum 95 percent test coverage
• Clear documentation
• Timeframe: 96 hours

[mrmoney10010-design]

@mrmoney10010-design has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi Team, I'd like to claim this issue and will resolve it within the 96-hour timeframe. I will implement the set_blacklist_size_limit setter and enforce the BlacklistSizeLimitExceeded cap in blacklist_add while keeping it idempotent. Finally, I'll ensure 95%+ test coverage in src/lib.rs covering all cap and boundary edge cases.Hi Team, I'd like to claim this issue and will resolve it within the 96-hour timeframe. I will implement the set_blacklist_size_limit setter and enforce the BlacklistSizeLimitExceeded cap in blacklist_add while keeping it idempotent. Finally, I'll ensure 95%+ test coverage in src/lib.rs covering all cap and boundary edge cases.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @mrmoney10010-design to this issue.

[centboy123]

@centboy123 has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

I am highly interested in working on this issue because enforcing a size cap on an issuer authorized blacklist is critical for the security, predictability, and gas optimization of smart contracts. Without a strict cap, an unbounded array or mapping could lead to massive gas costs during iterations or, worse, out of gas errors that could permanently DOS (Denial of Service) critical contract functions.

I enjoy tackling optimization and defensive programming challenges that safeguard protocol state mechanics. Implementing this enforcement will ensure the contract remains robust and scalable.

Relevant Experience:
Smart Contract Development Experienced in writing and auditing smart contracts, with a strong focus on data structure optimization and state management.

Defensive Design Patterns Familiar with implementing guardrails, modifiers, and strict validation checks (like maximum array length limits) to prevent unbounded loops and DOS vulnerabilities.

Testing & Validation Skilled in writing comprehensive unit tests using frameworks like Foundry or Hardhat to ensure edge cases such as reaching or exceeding the maximum cap are handled safely and revert as expected

ℹ️ Repo Maintainers: To accept this application, review their application or assign @centboy123 to this issue.

[drips-wave]

Congratulations, @centboy123! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @centboy123: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊

[drips-wave]

This issue has been completed by @centboy123 as part of the Stellar Wave Program's 5th Wave 🥳

😎 @centboy123: You earned 200 Points for completing this issue! After the current Wave ends, you'll be eligible for a percentage of the Wave's reward pool based on the percentage of total points you've earned. Learn more here. You can also Leave a review to share your experience working on this issue.

🧑‍💻 Repo maintainers: How'd the contributor do? Leave a review to share your experience working with them.