isLocal == true allows bypassing per-account transaction limit in the mempool #489
Description
Description:
There is a piece of logic in the mempool code that controls the number of transactions per account:
if (!isLocal && uint64(p.all.count(txn.SenderID)) > p.cfg.AccountSlots) {
// reject txn
}
However, when isLocal == true, this check is bypassed.
This means that locally submitted transactions are not subject to the AccountSlots limit, allowing a single account to potentially flood the mempool.
Expected Behavior:
Even local transactions should be subject to AccountSlots, or there should be a configurable whitelist for bypassing the limit.
Actual Behavior:
Transactions submitted locally (isLocal == true) are exempt from the per-account transaction limit.
Impact:
This creates a potential DoS vector: a user controlling a local node can bypass limits and spam the mempool, affecting overall network health and transaction propagation.