Solana Rate Limiter

A Web2 Backend Pattern Migrated to Blockchain

An on-chain rate limiting system built with native Solana Rust SDK. This project demonstrates how traditional backend systems can be redesigned using Solana's account model and distributed architecture.

🔄 Web2 vs Solana Comparison

Aspect	Web2 Backend	Solana On-Chain
State Storage	Redis/Memory (volatile)	Program Accounts (persistent)
Consistency	Single server (SPOF)	Distributed consensus
Trust Model	Central authority	Trustless verification
Latency	~1-10ms	~400ms (slot time)
Cost Model	Server costs	Transaction fees
Availability	Single point of failure	99.9%+ uptime
Scalability	Vertical scaling	Horizontal (validators)

🏗️ How Rate Limiting Works

Web2 Implementation

Client Request → API Gateway → Redis (check counter) → Allow/Deny
                     ↓
              Increment counter
              Set TTL for window

Problems:

• Single point of failure (Redis down = service down)
• Trust required in infrastructure provider
• Cannot verify rate limit decisions off-chain

Solana Implementation

Client Request → Transaction → Solana Program → Check Account State
                                        ↓
                               Update Account
                               Return Success/Error

Advantages:

• No single point of failure
• Verifiable on-chain
• Works across multiple services
• No need for separate infrastructure

📦 Project Structure

solana-rate-limiter/
├── Cargo.toml              # Project configuration
├── src/
│   └── lib.rs              # Main program (rate limiter logic)
├── client/
│   └── cli.ts              # CLI client (TypeScript)
├── tests/
│   └── integration.ts      # Integration tests
└── README.md               # This file

🚀 Quick Start

Prerequisites

• Solana CLI 2.0+
• Rust 1.70+
• Node.js 18+ (for client)

Build

cargo build-bpf

Deploy to Devnet

solana program deploy ./target/deploy/solana_rate_limiter.so

Usage Example

1. Initialize Config

# Create a rate limit: 100 requests per 60 seconds
solana program call <PROGRAM_ID> init_config 100 60

2. Check Rate Limit

# Check if client can make request (client_id = sha256("user@example.com"))
solana program call <PROGRAM_ID> check_rate_limit <CLIENT_ID>

🎯 Use Cases

1. API Rate Limiting - Protect public APIs from abuse
2. DApp Throttling - Prevent spam in decentralized applications
3. Fair Resource Access - Ensure equitable access to shared resources
4. Anti-Bot Protection - Rate limit suspicious clients

⚖️ Tradeoffs & Constraints

When to Use On-Chain Rate Limiting

✅ Cross-service rate limiting needed
✅ Verifiable rate limit decisions required
✅ Anti-censorship requirements
✅ No infrastructure to maintain

When to Stick with Web2

❌ Sub-second latency required
❌ Very high throughput needed
❌ Cost-sensitive applications
❌ Simple single-service use case

🔧 Configuration

Config Parameters

• max_requests: Maximum requests allowed in window
• window_seconds: Time window duration
• is_active: Enable/disable rate limiting

Client State

• client_id: 32-byte identifier (hash of IP/API key/user)
• request_count: Current count in window
• window_start: Unix timestamp of window start

📊 Gas Costs (Devnet)

Operation	Compute Units	Fee
Init Config	~50,000	~0.000005 SOL
Check Rate Limit (new)	~100,000	~0.00001 SOL
Check Rate Limit (existing)	~30,000	~0.000003 SOL

🧪 Testing

# Unit tests
cargo test

# Integration tests (requires local validator)
npm test

📝 License

MIT

🤝 Contributing

PRs welcome! This is an educational project demonstrating Web2 → Solana migration patterns.