Soroban contract `lib.rs` does not enforce a maximum number of outcomes per market

[hman38705]

Labels: contracts, security
Priority: High

Description

contracts/predict-iq/src/lib.rs allows market creation with multiple outcomes. Without a maximum outcome count, a malicious actor could create a market with thousands of outcomes, causing excessive gas consumption for all subsequent operations on that market.

Acceptance Criteria

• Maximum outcome count enforced (e.g., 10) in market creation
• Exceeding the limit returns a descriptive contract error
• Limit value defined as a named constant, not a magic number

[unrealtim-tech]

@unrealtim-tech has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hi, I woould like to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @unrealtim-tech to this issue.

[drips-wave]

Congratulations, @unrealtim-tech! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @unrealtim-tech: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊