Quick answer: Rate limits on bug submission prevent abuse but can drop legitimate reports during crashes. A token-bucket with per-session reservation handles both.
Rate limits applied naively drop the most-important reports: crash bursts. The token-bucket pattern preserves the bursts.
Token bucket per session
Each session starts with 5 tokens; refills 1/minute. Players can burst-report a crash sequence; sustained reporters get rate-limited.
Reserve burst budget
First 3 reports per session never rate-limit. The first reports are the most valuable.
Queue rate-limited
Rather than reject, queue rate-limited reports locally; retry when budget available. The data survives.
Deduplicate server-side
Identical reports within a minute are likely the same crash. Dedupe at ingest; rate limit becomes less aggressive.
“Rate limits protect infrastructure. Don't let them lose data.”
Tune rate limits from data: how many reports per minute do healthy and abusive sessions emit? The threshold is empirical.