This is a severe DoS vulnerability within slay.one's 1v1 protocol. This allows the same player to create multiple instances of a 1v1 match straining server reasources and causing the server to crash. I tested this vulnerability on my own local test server (made with Rust), however, after the events of today it is shown that it can be used on larger servers.
The code snippet below is what can cause this DoS attack.
for (let i=0; i < 100000000; i++ ) { Network_1.Network.send("enterQueue$3")}
Using Chromium's V8 Javascript Engine it is calculated to do one iteration in 1-10 nanoseconds, which means in this loop 10^8 packets are packets are send per second (at a mimimum estimate) under ideal conditions.
Create a patch server-side that rate limits the amount of times a player can request a 1v1 game.
