feat: impl pixel bid cooldown to prevent DoS risk

Author: mablr

src/EthPixelWar.sol

@@ -18,6 +18,8 @@ contract EthPixelWar is Ownable {
     bool public pixelWarIsActive;
     mapping(uint16 => Pixel) public grid;
     mapping(address => uint256) public pendingWithdrawals;
+    mapping(uint16 => uint256) public lastBidTime;
+    uint256 public constant BID_COOLDOWN = 1 minutes;
 
     event PixelBid(uint16 pixelId, address bidder, uint256 bidAmount);
     event ColorUpdated(uint16 pixelId, uint8 r, uint8 g, uint8 b);
@@ -51,13 +53,26 @@ contract EthPixelWar is Ownable {
         _;
     }
 
-    function bid(uint16 pixelId) public payable validPixelId(pixelId) validBid(pixelId) onlyActivePixelWar {
+    modifier bidCooldown(uint16 pixelId) {
+        require(block.timestamp >= lastBidTime[pixelId] + BID_COOLDOWN, "Bid cooldown in effect");
+        _;
+    }
+
+    function bid(uint16 pixelId)
+        public
+        payable
+        validPixelId(pixelId)
+        validBid(pixelId)
+        onlyActivePixelWar
+        bidCooldown(pixelId)
+    {
         Pixel storage pixel = grid[pixelId];
         if (pixel.owner != address(0)) {
             pendingWithdrawals[pixel.owner] += pixel.highestBid;
         }
         pixel.owner = msg.sender;
         pixel.highestBid = msg.value;
+        lastBidTime[pixelId] = block.timestamp;
 
         emit PixelBid(pixelId, msg.sender, msg.value);
     }
@@ -66,7 +81,7 @@ contract EthPixelWar is Ownable {
         uint256 amount = pendingWithdrawals[msg.sender];
         require(amount > 0, "No funds to withdraw");
         pendingWithdrawals[msg.sender] = 0;
-        (bool success, ) = payable(msg.sender).call{value: amount}("");
+        (bool success,) = payable(msg.sender).call{value: amount}("");
         require(success, "Withdrawal failed");
     }