Rate-limit dispute filing per user/market using the existing RateLimiter module

[greatest0fallt1me]

Description

Dispute filing has no frequency control. DisputeManager::process_dispute (contracts/predictify-hybrid/src/disputes.rs:822) only prevents the same user from disputing the same market twice (DisputeValidator::validate_dispute_parameters returns Error::AlreadyDisputed when has_user_disputed is true). There is no cooldown or per-window cap, so a funded actor can spam disputes across markets to grief resolution. A RateLimiter already exists in contracts/predictify-hybrid/src/rate_limiter.rs but is not wired into the dispute path. This issue applies rate limiting to dispute filing.

Requirements and context

• Existing infrastructure: rate_limiter.rs defines RateLimiter, RateLimitConfig, RateLimit, and RateLimiterError::RateLimitExceeded; the error enum also has RateLimitExceeded = 505 in contracts/predictify-hybrid/src/err.rs.
• A grep of disputes.rs shows no reference to RateLimiter/RateLimit today, confirming disputes are unprotected.
• Hook the limiter into DisputeManager::process_dispute (disputes.rs:822) and/or vote_on_dispute (disputes.rs:1406), keyed by user (and optionally market) over a configurable window.
• Preserve existing checks: MIN_DISPUTE_STAKE, the dispute voting window, and AlreadyDisputed must still apply.
• Non-functional: the limit must be admin-configurable, default to a safe value, and surface Error::RateLimitExceeded (505) to callers; storage writes must respect TTL conventions used elsewhere.

Acceptance criteria

• process_dispute enforces a per-user (and/or per-market) rate limit via the RateLimiter module.
• Exceeding the limit returns Error::RateLimitExceeded and does not consume the dispute stake.
• The rate-limit window/threshold is admin-configurable with a documented default.
• Existing dispute guards (AlreadyDisputed, minimum stake, voting window) remain enforced.
• Tests cover: under-limit success, over-limit rejection, window reset, and interaction with AlreadyDisputed.
• cargo fmt, cargo clippy, and cargo test pass.

Suggested execution

1. Fork the repo and create a branch — git checkout -b feature/rate-limit-disputes.
2. Implement changes — wire contracts/predictify-hybrid/src/rate_limiter.rs into contracts/predictify-hybrid/src/disputes.rs; add an admin config setter in contracts/predictify-hybrid/src/lib.rs if needed.
3. Write/extend tests — extend contracts/predictify-hybrid/src/tests/rate_limiter_tests.rs and add dispute-specific cases.
4. Test and commit

cargo fmt --all -- --check
cargo clippy --all-targets --all-features -- -D warnings
cargo test -p predictify-hybrid
stellar contract build --verbose

Example commit message

security: rate-limit dispute filing per user/market via RateLimiter

Guidelines

≥90% coverage on the new guard paths. Document the anti-griefing control in doc-comments, API_DOCUMENTATION.md (Dispute Management), and docs/security/ATTACK-VECTORS.md. Timeframe: 96 hours.