Where to check contract limits

This is a great question. I assume you mean:

    @InitiatedBy(Initiator::class)
    class Acceptor(val otherParty: Party) : FlowLogic<SignedTransaction>() {
        @Suspendable
        override fun call(): SignedTransaction {
            val signTransactionFlow = object : SignTransactionFlow(otherParty) {
                override fun checkTransaction(stx: SignedTransaction) = requireThat {
                    val output = stx.tx.outputs.single().data
                    "This must be an IOU transaction." using (output is IOUState)
                    val iou = output as IOUState
                    "The IOU value can't be too high." using (iou.iou.value < 100)
                }
            }

            return subFlow(signTransactionFlow)
        }
    }

      

        
        
        
      

    

CollectSignaturesFlow

and its counterpart SignTransactionFlow

automates the collection of signatures for any type of transaction. This automation is very useful because developers no longer need to manually write streams for the signature collection! However, developers should be aware that given any valid transaction - according to the contract reference code in the transaction - the counterparty will always sign! This is because transactions are validated in isolation and not with respect to some expected external values.

Let me give you two examples:

• If I have access to one of your unspent cash states from a previous transaction, perhaps I could create a spend money transaction (from you to you) and ask you to sign through CollectSignaturesFlow
  
  . If the transaction is valid, then without any further verification, you will sign it, which will result in cash being sent to me. Clearly you don't want that!
• The contract code can only be part of the verification of the transaction. If you want to check that a transaction is a transaction that you want to enter for example. price <a certain amount, then you will have to do additional verification. The contract code cannot rely on what constitutes a commercially viable deal for you. This check should be done as part SignTransactionFlow
  
  by overridingsignTransaction
  
  

In CorDapp production, you might want to relate to a person's judgment about whether to sign a deal and close a deal. Or, alternatively, this process could be automated by accessing some external reference data system via the HTTP API or MQ to determine if the trade is one to be entered.

In the above code example, we added two simple constraints:

• One that prevents the borrower from creating too large (over 100) IOU wealth
• One that ensures that the transaction does indeed contain the state of the IOU and not some other state that we do not expect

Please note that these two constraints cannot be placed inside the contract code. The contract code is more suitable for defining constraints that determine how an asset or agreement should evolve over time. For example, regarding IOU:

• Issuance must be signed by the lender and the borrower
• Output must be greater than zero for a value
• Payouts must include a cash payment of the correct currency.
• IOU income must be redeemed before expiration
• More examples: https://github.com/roger3cev/iou-cordapp-v2/blob/master/src/main/kotlin/net/corda/iou/contract/IOUContract.kt

Remember that Corda is for potentially mutually distrustful parties to come to a consensus on common facts. Thus, nodes cannot implicitly trust what they receive over the wire from their third parties, so we always need to check what we receive is what we expect to receive.

Hope this makes sense!