Spamming challenge detail filter cause unlimited API requests #224

New Issue

Closed

opened 2025-09-22 12:58:14 -04:00 by devmountain · 0 comments

devmountain commented 2025-09-22 12:58:14 -04:00

Copy Link

Issue URL:

https://www.topcoder.com/challenges

Steps to reproduce

1. Go to https://www.topcoder.com
2. Go to "Community" -> "Opportunities"
3. Go to "past" tab
4. keep toggle on and off filters
5. Observe API request from Network tab

Actual result

There's no throttle, User can spam and cause unnecessary load in the server.
Probably easy dDos attack.

Expected result

Filter can be disable until current user's filter request is done.

Environment

• OS: MacOS Sonoma 14.7.1 Browser version: Safari 17.6
• Device: MacBook Air M1, 13.3 inch

Reproducibility

5/5

Attachments

Video.

#### Issue URL: https://www.topcoder.com/challenges #### Steps to reproduce 1. Go to https://www.topcoder.com 2. Go to "Community" -> "Opportunities" 3. Go to "past" tab 4. keep toggle on and off filters 5. Observe API request from Network tab #### Actual result There's no throttle, User can spam and cause unnecessary load in the server. Probably easy dDos attack. #### Expected result Filter can be disable until current user's filter request is done. #### Environment - OS: MacOS Sonoma 14.7.1 Browser version: Safari 17.6 - Device: MacBook Air M1, 13.3 inch #### Reproducibility 5/5 #### Attachments Video.

Screen Recording 2025-09-23 at 00.55.54.mov

52 MiB

devmountain added the MacOSSafariFunctional labels 2025-09-22 12:58:14 -04:00

nithya160925 added the Not a bug label 2025-09-24 15:35:27 -04:00

nithya160925 closed this issue 2025-09-24 15:35:29 -04:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

carousel

issues related to carousel on different pages

Chrome

Content

An issue involving incorrect or outdated content

data issue

duplicate

Edge

Firefox

Functional

An issue where a feature or function is not behaving as expected

incomplete

incomplete steps, missing details

Invalid

Issues that are not in scope, not reproducible, incomplete, etc

MacOS

Not a bug

Out of Scope

P: Account Settings

P: AI Hub

P: Blog

P: Challenge Details Page

P: Challenge Listing Page

P: Customer Stories Page

P: Freelancers Page

P: Help page

P: Help Page

P: Homepage

P: Marathon Tournament Page

P: My Profile

P: Review Opportunities Page

P: SignUp flow

P: Statistics Page

P: Talent Page

P: Terms and Policies

P: Thrive

P: Topcoder Academy

P: Topcoder Customer Account

Safari

S: Critical

The issue causes data loss, a system crash, or a major part of the application to be unusable. A workaround may exist, but it is not acceptable for end-users.

S: High

he issue is a significant bug that affects a key feature, causes incorrect behavior, or results in a poor user experience. It needs to be addressed soon.

S: Low

A minor issue with minimal impact, such as a typo, misaligned element, or a cosmetic flaw.

S: Medium

The issue is a noticeable problem, but it doesn't break core functionality. It might be a UI issue, a confusing error message, or a minor functional bug.

Trivial

UI

An issue concerning a visual design and layout (Ex: button misaligned, text is overlapping)

UX

An issue that negatively affects the user's journey or usability

valid

Windows

No Label Functional MacOS Not a bug Safari

Milestone

No items

No Milestone

Assignees

Clear assignees

kiril.kartunov nithya160925 tester1234

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: Topcoder-Platform/public-website-qa-bug-hunt#224