Operational: In-memory rate limiting resets on restart — no persistence #90

New issue

Open

opened 2026-05-11 13:48:53 +00:00 by thabeta · 0 comments

thabeta commented

2026-05-11 13:48:53 +00:00

Owner

Severity: Medium

Location

crates/hero_aibroker_lib/src/middleware/ratelimit.rs

Finding

Rate limiting state is entirely in-memory (DashMap<IpAddr, InnerRateLimiter>). On broker restart:

All rate limit state is lost
Previously rate-limited IPs get a fresh bucket
No persistent tracking of abuse patterns

Impact

Restarting the broker resets all rate limits
Attackers can bypass rate limits by triggering a restart (if they have that capability)
No long-term abuse tracking

Recommendation

Persist rate limit state to hero_db for critical IPs
Add a slow-rate persistent layer (e.g., 1000 req/hour persisted)
Track abuse scores across restarts

## Severity: Medium ## Location `crates/hero_aibroker_lib/src/middleware/ratelimit.rs` ## Finding Rate limiting state is entirely in-memory (`DashMap<IpAddr, InnerRateLimiter>`). On broker restart: - All rate limit state is lost - Previously rate-limited IPs get a fresh bucket - No persistent tracking of abuse patterns ## Impact - Restarting the broker resets all rate limits - Attackers can bypass rate limits by triggering a restart (if they have that capability) - No long-term abuse tracking ## Recommendation - Persist rate limit state to `hero_db` for critical IPs - Add a slow-rate persistent layer (e.g., 1000 req/hour persisted) - Track abuse scores across restarts