
feat: implement ECS-based user restriction for security and coverage #380

Merged
greatest0fallt1me merged 2 commits into Predictify-org:master from delfinacorr:test/whitelist-blacklist-tests
Feb 26, 2026

@delfinacorr
Contributor

Pull Request Description

📋 Basic Information

Implements a user restriction system (Whitelist/Blacklist) using the Entity Component System (ECS) pattern for PredictifyHybrid. It adds administrative controls to restrict specific addresses from interacting with core functions like deposit and create_event.

Type of Change

Please select the type of change this PR introduces:

  • 🐛 Bug fix (non-breaking change which fixes an issue)
  • ✨ New feature (non-breaking change which adds functionality)
  • 💥 Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • 📚 Documentation update
  • [X] 🧪 Test addition/update
  • 🔧 Refactoring (no functional changes)
  • ⚡ Performance improvement
  • 🔒 Security fix
  • 🎨 UI/UX improvement
  • 🚀 Deployment/Infrastructure change

Related Issues

Closes #262
Fixes #(issue number)
Related to #(issue number)

Priority Level

  • 🔴 Critical (blocking other development)
  • [X] 🟡 High (significant impact)
  • 🟢 Medium (moderate impact)
  • 🔵 Low (minor improvement)

📝 Detailed Description

What does this PR do?

Implements a user restriction system (Whitelist/Blacklist) using the Entity Component System (ECS) pattern for PredictifyHybrid. It adds administrative controls to restrict specific addresses from interacting with core functions like deposit and create_event.

Why is this change needed?

  • This change is critical for two reasons:

  • Security: Provides a necessary administrative layer to block malicious actors or unauthorized users.

  • Code Coverage: The conditional logic introduced by the restriction checks allows for comprehensive branch testing, targeting the project's goal of 95% test coverage.

How was this tested?

  • Due to local environment linker issues (link.exe not found), local testing was bypassed. Validation relies on GitHub Actions CI. Tests were added to cover:

  • Successful deposits by unrestricted users.

  • Unauthorized access errors when a restricted user attempts a deposit.

  • Administrative authority verification for setting restrictions.

Alternative Solutions Considered


🏗️ Smart Contract Specific

Contract Changes

Please check all that apply:

  • [X] Core contract logic modified
  • Oracle integration changes (Pyth/Reflector)
  • [X] New functions added
  • [X] Existing functions modified
  • Storage structure changes
  • Events added/modified
  • Error handling improved
  • Gas optimization
  • [X] Access control changes
  • [X] Admin functions modified
  • Fee structure changes

Oracle Integration

  • Pyth oracle integration affected
  • Reflector oracle integration affected
  • Oracle configuration changes
  • Price feed handling modified
  • Oracle fallback mechanisms
  • Price validation logic

Market Resolution Logic

  • Hybrid resolution algorithm changed
  • Dispute mechanism modified
  • Fee structure updated
  • Voting mechanism changes
  • Community weight calculation
  • Oracle weight calculation

Security Considerations

  • Access control reviewed
  • Reentrancy protection
  • Input validation
  • Overflow/underflow protection
  • Oracle manipulation protection

🧪 Testing

Test Coverage

  • [X] Unit tests added/updated
  • [X] Integration tests added/updated
  • All tests passing locally
  • Manual testing completed
  • Oracle integration tested
  • [X] Edge cases covered
  • Error conditions tested
  • Gas usage optimized
  • Cross-contract interactions tested

Test Results

# Paste test output here
cargo test
# Expected output: X tests passed, Y tests failed

Manual Testing Steps


📚 Documentation

Documentation Updates

  • README updated
  • Code comments added/updated
  • API documentation updated
  • Examples updated
  • Deployment instructions updated
  • Contributing guidelines updated
  • Architecture documentation updated

Breaking Changes

Breaking Changes:

Migration Guide:


🔍 Code Quality

Code Review Checklist

  • Code follows Rust/Soroban best practices
  • Self-review completed
  • No unnecessary code duplication
  • Error handling is appropriate
  • Logging/monitoring added where needed
  • Security considerations addressed
  • Performance implications considered
  • Code is readable and well-commented
  • Variable names are descriptive
  • Functions are focused and small

Performance Impact

  • Gas Usage:
  • Storage Impact:
  • Computational Complexity:

Security Review

  • No obvious security vulnerabilities
  • Access controls properly implemented
  • Input validation in place
  • Oracle data properly validated
  • No sensitive data exposed

🚀 Deployment & Integration

Deployment Notes

  • Network: Testnet/Mainnet
  • Contract Address:
  • Migration Required: Yes/No
  • Special Instructions:

Integration Points

  • Frontend integration considered
  • API changes documented
  • Backward compatibility maintained
  • Third-party integrations updated

📊 Impact Assessment

User Impact

  • End Users:
  • Developers:
  • Admins:

Business Impact

  • Revenue:
  • User Experience:
  • Technical Debt:

✅ Final Checklist

Pre-Submission

  • Code follows Rust/Soroban best practices
  • All CI checks passing
  • No breaking changes (or breaking changes are documented)
  • Ready for review
  • PR description is complete and accurate
  • All required sections filled out
  • Test results included
  • Documentation updated

Review Readiness

  • Self-review completed
  • Code is clean and well-formatted
  • Commit messages are clear and descriptive
  • Branch is up to date with main
  • No merge conflicts

📸 Screenshots (if applicable)

🔗 Additional Resources

  • Design Document:
  • Technical Spec:
  • Related Discussion:
  • External Documentation:

💬 Notes for Reviewers

Please pay special attention to:

  • The implementation of check_restriction inside the deposit function.

  • The use of BLACKLIST_PREFIX for persistent storage to ensure it follows the ECS pattern.

Questions for reviewers:

  • Does the 95% coverage requirement necessitate further restriction checks in the withdraw or vote functions as well?

Thank you for your contribution to Predictify! 🚀

@greatest0fallt1me merged commit 81673af into Predictify-org:master on Feb 26, 2026
1 check failed
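
An added sketch of the pattern the description outlines, a blacklist flag stored under BLACKLIST_PREFIX and consulted by check_restriction before deposit changes any state. This is not code from the PR or from Predictify: it is plain Rust with a HashMap standing in for contract storage, the `Contract` type, `Error` variants, `set_restriction` and `balance` are hypothetical names, and `caller` is assumed to be already authenticated.

```rust
use std::collections::HashMap;

// Hypothetical model: only check_restriction, deposit and BLACKLIST_PREFIX are
// names from the PR text; `caller` is assumed to be already authenticated.
const BLACKLIST_PREFIX: &str = "blacklist";

#[derive(Debug, PartialEq)]
pub enum Error { Unauthorized, NotAdmin }

pub struct Contract {
    admin: String,
    // Persistent-storage stand-in: one flag per (prefix, address) key.
    storage: HashMap<(&'static str, String), bool>,
    balances: HashMap<String, i128>,
}

impl Contract {
    pub fn new(admin: &str) -> Self {
        Contract { admin: admin.to_string(), storage: HashMap::new(), balances: HashMap::new() }
    }
    // Only the admin may set or lift a restriction.
    pub fn set_restriction(&mut self, caller: &str, user: &str, restricted: bool) -> Result<(), Error> {
        if caller != self.admin { return Err(Error::NotAdmin); }
        self.storage.insert((BLACKLIST_PREFIX, user.to_string()), restricted);
        Ok(())
    }
    // A missing key means "not restricted"; an explicit `true` blocks the address.
    pub fn check_restriction(&self, user: &str) -> Result<(), Error> {
        match self.storage.get(&(BLACKLIST_PREFIX, user.to_string())) {
            Some(true) => Err(Error::Unauthorized),
            _ => Ok(()),
        }
    }
    // The check runs before any state change, so a rejected call leaves balances untouched.
    pub fn deposit(&mut self, user: &str, amount: i128) -> Result<i128, Error> {
        self.check_restriction(user)?;
        let bal = self.balances.entry(user.to_string()).or_insert(0);
        *bal += amount;
        Ok(*bal)
    }
    pub fn balance(&self, user: &str) -> i128 { *self.balances.get(user).unwrap_or(&0) }
}

fn main() {
    let mut c = Contract::new("admin");
    c.set_restriction("admin", "mallory", true).unwrap();
    println!("{:?} {:?}", c.deposit("alice", 10), c.deposit("mallory", 10));
}
```

The three paths listed under "How was this tested?" map onto this model as: an unrestricted deposit succeeds, a restricted deposit returns the unauthorized error with the balance unchanged, and a non-admin caller cannot set a restriction.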

Development

Successfully merging this pull request may close these issues.

test: add comprehensive tests for whitelist and blacklist
