feat: Implement EXTRA_DATA_MAX_SIZE Limit in Filecoin-Services (#313)

### Resolves
#304 

- Added new error `ExtraDataSizeExceeded` in `Errors.sol` to signal when
`extraData` exceeds allowed limits.
- Defined new constants for maximum extra data sizes in
`FilecoinWarmStorageService.sol`:
  - `MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE = 4 KiB`
  - `MAX_PIECES_ADDED_EXTRA_DATA_SIZE = 8 KiB`
- Updated functions in `FilecoinWarmStorageService` to:
  - Check `extraData.length` against these limits.
- Revert with `ExtraDataSizeExceeded` if the size exceeds the maximum
allowed.

Did not add tests as this adds only a require statement , le'me know
will add tests as well

---------

Co-authored-by: Rod Vagg <[email protected]>
Co-authored-by: William Morriss <[email protected]>

Author: 3 people

service_contracts/abi/Errors.abi.json

@@ -228,6 +228,22 @@
     "name": "ExtraDataRequired",
     "inputs": []
   },
+  {
+    "type": "error",
+    "name": "ExtraDataTooLarge",
+    "inputs": [
+      {
+        "name": "actualSize",
+        "type": "uint256",
+        "internalType": "uint256"
+      },
+      {
+        "name": "maxAllowedSize",
+        "type": "uint256",
+        "internalType": "uint256"
+      }
+    ]
+  },
   {
     "type": "error",
     "name": "FilBeamServiceNotConfigured",

service_contracts/abi/FilecoinWarmStorageService.abi.json

@@ -1670,6 +1670,22 @@
     "name": "ExtraDataRequired",
     "inputs": []
   },
+  {
+    "type": "error",
+    "name": "ExtraDataTooLarge",
+    "inputs": [
+      {
+        "name": "actualSize",
+        "type": "uint256",
+        "internalType": "uint256"
+      },
+      {
+        "name": "maxAllowedSize",
+        "type": "uint256",
+        "internalType": "uint256"
+      }
+    ]
+  },
   {
     "type": "error",
     "name": "FailedCall",

service_contracts/src/Errors.sol

@@ -289,6 +289,10 @@ library Errors {
     /// @param pdpEndEpoch The end epoch when the PDP payment rail will finalize
     error PaymentRailsNotFinalized(uint256 dataSetId, uint256 pdpEndEpoch);
 
+    /// @notice Extra data size exceeds the maximum allowed limit
+    /// @param actualSize The size of the provided extra data
+    /// @param maxAllowedSize The maximum allowed size for extra data
+    error ExtraDataTooLarge(uint256 actualSize, uint256 maxAllowedSize);
     /// @notice The supplied capability keys did not contain all of the required keys for the product type
     /// @param productType The kind of service product attempted to be registered
     error InsufficientCapabilitiesForProduct(ServiceProviderRegistryStorage.ProductType productType);

service_contracts/src/FilecoinWarmStorageService.sol

@@ -25,6 +25,24 @@ uint256 constant BYTES_PER_LEAF = 32; // Each leaf is 32 bytes
 uint64 constant CHALLENGES_PER_PROOF = 5;
 uint256 constant COMMISSION_MAX_BPS = 10000; // 100% in basis points
 
+/*
+* Maximum extraData for createDataSet
+* Supports: 10 metadata entries with max sizes
+*/
+uint256 constant MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE = 4096; // 4 KiB
+
+/*
+* Maximum extraData for addPieces
+* Supports: 5 pieces with full metadata, or 61 pieces with no metadata
+*/
+uint256 constant MAX_ADD_PIECES_EXTRA_DATA_SIZE = 8192; // 8 KiB
+
+/*
+* Maximum extraData for schedulePieceRemovals
+* Supports: signature (160 bytes needed)
+*/
+uint256 constant MAX_SCHEDULE_PIECE_REMOVALS_EXTRA_DATA_SIZE = 256; // 256 bytes
+
 /// @title FilecoinWarmStorageService
 /// @notice An implementation of PDP Listener with payment integration.
 /// @dev This contract extends SimplePDPService by adding payment functionality
@@ -519,7 +537,12 @@ contract FilecoinWarmStorageService is
         onlyPDPVerifier
     {
         // Decode the extra data to get the metadata, payer address, and signature
-        require(extraData.length > 0, Errors.ExtraDataRequired());
+        uint256 len = extraData.length;
+        require(len > 0, Errors.ExtraDataRequired());
+        require(
+            len <= MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE,
+            Errors.ExtraDataTooLarge(len, MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE)
+        );
         DataSetCreateData memory createData = decodeDataSetCreateData(extraData);
 
         // Validate the addresses
@@ -734,7 +757,9 @@ contract FilecoinWarmStorageService is
 
         // Get the payer address for this data set
         address payer = info.payer;
-        require(extraData.length > 0, Errors.ExtraDataRequired());
+        uint256 len = extraData.length;
+        require(len > 0, Errors.ExtraDataRequired());
+        require(len <= MAX_ADD_PIECES_EXTRA_DATA_SIZE, Errors.ExtraDataTooLarge(len, MAX_ADD_PIECES_EXTRA_DATA_SIZE));
         // Decode the extra data
         (uint256 nonce, string[][] memory metadataKeys, string[][] memory metadataValues, bytes memory signature) =
             abi.decode(extraData, (uint256, string[][], string[][], bytes));
@@ -809,7 +834,12 @@ contract FilecoinWarmStorageService is
         address payer = info.payer;
 
         // Decode the signature from extraData
-        require(extraData.length > 0, Errors.ExtraDataRequired());
+        uint256 len = extraData.length;
+        require(len > 0, Errors.ExtraDataRequired());
+        require(
+            len <= MAX_SCHEDULE_PIECE_REMOVALS_EXTRA_DATA_SIZE,
+            Errors.ExtraDataTooLarge(len, MAX_SCHEDULE_PIECE_REMOVALS_EXTRA_DATA_SIZE)
+        );
         bytes memory signature = abi.decode(extraData, (bytes));
 
         // Verify the signature

service_contracts/test/FilecoinWarmStorageService.t.sol

@@ -10,7 +10,12 @@ import {Cids} from "@pdp/Cids.sol";
 import {MyERC1967Proxy} from "@pdp/ERC1967Proxy.sol";
 import {SessionKeyRegistry} from "@session-key-registry/SessionKeyRegistry.sol";
 
-import {CHALLENGES_PER_PROOF, FilecoinWarmStorageService} from "../src/FilecoinWarmStorageService.sol";
+import {
+    CHALLENGES_PER_PROOF,
+    MAX_ADD_PIECES_EXTRA_DATA_SIZE,
+    MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE,
+    FilecoinWarmStorageService
+} from "../src/FilecoinWarmStorageService.sol";
 import {FilecoinWarmStorageServiceStateView} from "../src/FilecoinWarmStorageServiceStateView.sol";
 import {SignatureVerificationLib} from "../src/lib/SignatureVerificationLib.sol";
 import {FilecoinWarmStorageServiceStateLibrary} from "../src/lib/FilecoinWarmStorageServiceStateLibrary.sol";
@@ -243,6 +248,22 @@ contract FilecoinWarmStorageServiceTest is MockFVMTest {
         );
     }
 
+    function _generateKey(uint256 index) public pure returns (string memory) {
+        bytes32 hash = keccak256(abi.encodePacked("base_salt", index));
+
+        // Convert hash to hex string
+        string memory hexStr = Strings.toHexString(uint256(hash), 32); // 0x + 64 chars
+
+        // Remove the "0x" prefix and take only first 32 characters to make exactly 32 bytes
+        bytes memory keyBytes = bytes(hexStr);
+        bytes memory result = new bytes(32);
+        for (uint256 i = 0; i < 32; i++) {
+            result[i] = keyBytes[i + 2]; // skip '0x'
+        }
+
+        return string(result); // exactly 32-byte unique string
+    }
+
     function testInitialState() public view {
         assertEq(
             pdpServiceWithPayments.pdpVerifierAddress(),
@@ -2517,6 +2538,55 @@ contract FilecoinWarmStorageServiceTest is MockFVMTest {
         }
     }
 
+    function testDataSetMetaDataWithAllBoundaries() public {
+        // Create metadata with max keys, each with max key and value lengths
+        uint256[] memory keyCounts = new uint256[](3);
+        keyCounts[0] = MAX_KEYS_PER_DATASET - 1; // Just below max
+        keyCounts[1] = MAX_KEYS_PER_DATASET; // At max
+        keyCounts[2] = MAX_KEYS_PER_DATASET + 4; // Exceeds max
+
+        for (uint256 testIdx = 0; testIdx < keyCounts.length; testIdx++) {
+            uint256 keyCount = keyCounts[testIdx];
+            string[] memory metadataKeys = new string[](keyCount);
+            string[] memory metadataValues = new string[](keyCount);
+
+            for (uint256 i = 0; i < keyCount; i++) {
+                //key must be unique with length 32 bytes
+                metadataKeys[i] = _generateKey(i);
+                assertEq(bytes(metadataKeys[i]).length, 32, "Key length should be 32 bytes");
+                // Max key length
+                metadataValues[i] = _makeStringOfLength(128); // Max value length
+            }
+
+            if (keyCount <= MAX_KEYS_PER_DATASET) {
+                // Should succeed for valid counts
+                uint256 dataSetId = createDataSetForClient(sp1, client, metadataKeys, metadataValues);
+
+                // Verify all metadata keys and values
+                for (uint256 i = 0; i < metadataKeys.length; i++) {
+                    (bool exists, string memory storedMetadata) =
+                        viewContract.getDataSetMetadata(dataSetId, metadataKeys[i]);
+                    assertTrue(exists, string.concat("Key ", metadataKeys[i], " should exist"));
+                    assertEq(
+                        storedMetadata,
+                        metadataValues[i],
+                        string.concat("Stored metadata for ", metadataKeys[i], " should match")
+                    );
+                }
+            } else {
+                // Should fail for exceeding max
+                bytes memory encodedData = prepareDataSetForClient(sp1, client, metadataKeys, metadataValues);
+                vm.prank(sp1);
+                vm.expectRevert(
+                    abi.encodeWithSelector(
+                        Errors.ExtraDataTooLarge.selector, encodedData.length, MAX_CREATE_DATA_SET_EXTRA_DATA_SIZE
+                    )
+                );
+                mockPDPVerifier.createDataSet(pdpServiceWithPayments, encodedData);
+            }
+        }
+    }
+
     function setupDataSetWithPieceMetadata(
         uint256 pieceId,
         string[] memory keys,
@@ -2778,6 +2848,91 @@ contract FilecoinWarmStorageServiceTest is MockFVMTest {
         }
     }
 
+    function testPieceMetadataAllBoundaries() public {
+        uint256 pieceId = 42;
+
+        // Helper to create a dataset
+        (string[] memory metadataKeys, string[] memory metadataValues) =
+            _getSingleMetadataKV("label", "Test Root Metadata");
+        uint256 dataSetId = createDataSetForClient(sp1, client, metadataKeys, metadataValues);
+
+        // Parameters
+        uint256 totalPieces = 5;
+
+        // --- Phase 1: all pieces within limits ---
+        {
+            Cids.Cid[] memory pieceData = new Cids.Cid[](totalPieces);
+            string[][] memory allKeys = new string[][](totalPieces);
+            string[][] memory allValues = new string[][](totalPieces);
+
+            for (uint256 p = 0; p < totalPieces; p++) {
+                pieceData[p] = Cids.CommPv2FromDigest(0, 4, keccak256(abi.encodePacked("file", Strings.toString(p))));
+
+                uint256 keyCount = MAX_KEYS_PER_PIECE; // at the limit
+                string[] memory keys = new string[](keyCount);
+                string[] memory values = new string[](keyCount);
+
+                for (uint256 k = 0; k < keyCount; k++) {
+                    // Generate globally unique keys by combining piece index and key index
+                    keys[k] = _generateKey(p * 1000 + k);
+                    assertEq(bytes(keys[k]).length, 32, "Key length should be 32 bytes");
+                    values[k] = _makeStringOfLength(128); // max value length
+                }
+
+                allKeys[p] = keys;
+                allValues[p] = values;
+            }
+
+            uint256 nonce = pieceId + 1000;
+            bytes memory encodedData = abi.encode(nonce, allKeys, allValues, FAKE_SIGNATURE);
+            // Expect success
+            vm.expectEmit(true, false, false, true);
+            emit FilecoinWarmStorageService.PieceAdded(dataSetId, pieceId, pieceData[0], allKeys[0], allValues[0]);
+
+            vm.prank(address(mockPDPVerifier));
+            pdpServiceWithPayments.piecesAdded(dataSetId, pieceId, pieceData, encodedData);
+            console.log("encodedData length (within limits):", encodedData.length);
+        }
+
+        // --- Phase 2: one piece exceeds key limit and must revert ---
+        {
+            Cids.Cid[] memory pieceData = new Cids.Cid[](totalPieces);
+            string[][] memory allKeys = new string[][](totalPieces);
+            string[][] memory allValues = new string[][](totalPieces);
+
+            for (uint256 p = 0; p < totalPieces; p++) {
+                pieceData[p] = Cids.CommPv2FromDigest(0, 4, keccak256(abi.encodePacked("file-ex", Strings.toString(p))));
+
+                // Make the last piece exceed the per-piece key limit
+                uint256 keyCount = (p == totalPieces - 1) ? (MAX_KEYS_PER_PIECE + 1) : MAX_KEYS_PER_PIECE;
+                string[] memory keys = new string[](keyCount);
+                string[] memory values = new string[](keyCount);
+
+                for (uint256 k = 0; k < keyCount; k++) {
+                    // Ensure uniqueness across all pieces
+                    keys[k] = _generateKey(p * 1000 + k + 1);
+                    values[k] = _makeStringOfLength(128);
+                }
+
+                allKeys[p] = keys;
+                allValues[p] = values;
+            }
+
+            uint256 nonce = pieceId + 2000;
+            bytes memory encodedData = abi.encode(nonce, allKeys, allValues, FAKE_SIGNATURE);
+
+            // Expect revert when at least one piece has too many keys or extraData becomes too large
+            vm.prank(address(mockPDPVerifier));
+            vm.expectRevert(
+                abi.encodeWithSelector(
+                    Errors.ExtraDataTooLarge.selector, encodedData.length, MAX_ADD_PIECES_EXTRA_DATA_SIZE
+                )
+            );
+            pdpServiceWithPayments.piecesAdded(dataSetId, pieceId + totalPieces, pieceData, encodedData);
+            console.log("encodedData length (exceeding limits):", encodedData.length);
+        }
+    }
+
     function testPieceMetadataForSameKeyCannotRewrite() public {
         uint256 pieceId = 42;