SID-ACCESS-02 — Rate Limiting and Brute-Force Protection

Property	Value
Status	verified
Owner	platform
Category	technical
CSF Function	protect
Group	Access Control

Description

Per-identifier sliding window rate limiting with configurable burst and lockout after threshold. Prevents brute-force authentication attacks. WebSocket sessions limited to 3 concurrent pending flows (DoS protection).

Components

Wallet Backend (Go)

Source References

go-wallet-backend/middleware/ratelimit.go
go-wallet-backend/engine/session.go

Audit Findings

Finding	Severity	Status
EN-P-7 — Partial hardening and error handling	medium	resolved

Description​

Components​

Source References​

Audit Findings​

Description

Components

Source References

Audit Findings