[SECURITY] LOW: No rate limiting on API calls #10

Closed
opened 2026-03-25 10:39:50 +01:00 by shoko · 0 comments

Severity: LOW

An attacker who can pass arguments to this script (e.g., via a web wrapper) could repeatedly call the Polymarket API in a loop, potentially getting the user's IP rate-limited or banned by Polymarket.

Location

scripts/browse.py lines 74-76 (fetch_all_pages())

Recommended Fix

Add a cooldown between runs if the script is invoked repeatedly, or use a token bucket rate limiter.

Reference

See reviews/2026-03-25.md Section 6.8
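
Added example for the two mitigations named above (not code from jujutsu-skills or scripts/browse.py, whose fetch_all_pages() signature is not visible here): a token bucket that throttles requests within one run, a hard cap on page count so caller-supplied arguments cannot produce an unbounded request stream, and a file-based cooldown that spaces out separate invocations of the script. The page fetcher is a hypothetical `fetch_page(offset) -> list` callback and the 250-record API response is constructed; the injectable clock is there so the throttling can be checked without real sleeps.

```python
"""Token-bucket throttling plus a cross-run cooldown for a paginated fetch.

Added example, not the project's code. Assumed: a hypothetical callback
fetch_page(offset) -> list[dict]; the real fetch_all_pages() is not shown.
"""
import json
import time
from pathlib import Path
from typing import Callable, List


class FakeClock:
    """Deterministic clock for demos/tests: sleep() advances time instantly."""

    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def now(self) -> float:
        return self.t

    def sleep(self, seconds: float) -> None:
        self.t += seconds


class TokenBucket:
    """Allow bursts of up to `capacity` requests, then `rate` per second."""

    def __init__(self, rate: float, capacity: int,
                 clock: Callable[[], float] = time.monotonic,
                 sleep: Callable[[float], None] = time.sleep) -> None:
        if rate <= 0 or capacity <= 0:
            raise ValueError("rate and capacity must be positive")
        self.rate, self.capacity = rate, capacity
        self._clock, self._sleep = clock, sleep
        self._tokens = float(capacity)   # start full so a short run is not delayed
        self._last = clock()
        self.total_waited = 0.0

    def _refill(self) -> None:
        now = self._clock()
        self._tokens = min(self.capacity,
                           self._tokens + (now - self._last) * self.rate)
        self._last = now

    def acquire(self, tokens: int = 1) -> float:
        """Block until `tokens` are available; return the seconds slept."""
        if tokens > self.capacity:
            raise ValueError("request larger than bucket capacity")
        waited = 0.0
        while True:
            self._refill()
            if self._tokens >= tokens:
                self._tokens -= tokens
                self.total_waited += waited
                return waited
            delay = (tokens - self._tokens) / self.rate
            self._sleep(delay)
            waited += delay


def fetch_all_pages(fetch_page: Callable[[int], List[dict]], bucket: TokenBucket,
                    page_size: int = 100, max_pages: int = 50) -> List[dict]:
    """Paginate with one token per request and a hard cap on request count.

    The cap is independent of the bucket: arguments an attacker controls
    must not be able to turn one invocation into an unbounded loop.
    """
    results: List[dict] = []
    for page in range(max_pages):
        bucket.acquire()
        batch = fetch_page(page * page_size)
        results.extend(batch)
        if len(batch) < page_size:   # short page means the last one
            break
    return results


def cooldown_ok(state_file: Path, min_interval: float,
                clock: Callable[[], float] = time.time) -> bool:
    """Return False if the script last ran less than `min_interval` s ago.

    Records the current time on success, so repeated invocations from a
    wrapper are spaced out even though each one is a fresh process.
    """
    now = clock()
    try:
        last = float(json.loads(state_file.read_text())["last_run"])
    except (FileNotFoundError, ValueError, KeyError, TypeError):
        last = None   # no usable state yet: allow the run
    if last is not None and now - last < min_interval:
        return False
    state_file.write_text(json.dumps({"last_run": now}))
    return True


if __name__ == "__main__":
    # Constructed stand-in for the API: 250 records served 100 at a time.
    records = [{"id": i} for i in range(250)]
    clock = FakeClock()
    bucket = TokenBucket(rate=2.0, capacity=2, clock=clock.now, sleep=clock.sleep)
    got = fetch_all_pages(lambda off: records[off:off + 100], bucket)
    print(len(got), "records;", bucket.total_waited, "s spent throttled")
```

With `capacity=2` and `rate=2.0`, the three requests needed for 250 records cost no delay for the first two and a 0.5 s wait for the third; for the real script the bucket would be built with `time.monotonic`/`time.sleep` and the cooldown state file kept somewhere the wrapper cannot modify.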

shoko added the lowsecurity labels 2026-03-25 10:39:51 +01:00
shoko closed this issue 2026-03-27 04:10:04 +01:00

Reference: shoko/jujutsu-skills#10