[Security] Unbounded deserialization allows DoS via OOM

## Problem

In `crates/consensus/src/validator_set.rs:101`, validator set deserialization does not check the size before allocation:

```rust
let len = u32::deserialize_reader(reader)? as usize;
let mut validators = Vec::with_capacity(len);  // NO SIZE CHECK
```

## Risk

An attacker can send a malicious payload with `len = u32::MAX`, causing:
- Out of memory (OOM) crash
- Node denial of service

## Solution

Add maximum size validation:

```rust
const MAX_VALIDATORS: usize = 10_000;  // or appropriate limit

let len = u32::deserialize_reader(reader)? as usize;
if len > MAX_VALIDATORS {
    return Err(Error::InvalidValidatorSetSize(len));
}
let mut validators = Vec::with_capacity(len);
```

## Affected Files

- `crates/consensus/src/validator_set.rs`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Security] Unbounded deserialization allows DoS via OOM #30

Problem

Risk

Solution

Affected Files

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[Security] Unbounded deserialization allows DoS via OOM #30

Description

Problem

Risk

Solution

Affected Files

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions