Posts tagged rpc.

The DoS class that scales against validators isn't volumetric. It's small requests that cost the node real work before it authenticates the caller. The pattern we keep finding across clients, and the fix.

Blockchain security money goes to smart-contract audits. The validators those contracts run on are defended for volume and almost nothing else. The attacks that actually scale live at the transport and RPC layer, and they're a class, not a list.

Three architectural findings in the Agave JSON-RPC layer at v3.1.9: response amplification on getMultipleAccounts, Tokio executor saturation via simulateTransaction, and spawn_blocking pool saturation via getProgramAccounts. Architectural patterns, not rate-limit DoS - operator rate limits don't close them.