From cac6151c86107729dc727b0e8d0b3306a3543f5a Mon Sep 17 00:00:00 2001
From: Jonathan Downing <jonathan@dominantstrategies.io>
Date: Tue, 10 Dec 2024 11:55:04 -0600
Subject: [PATCH] Enforce max block range of 10k blocks

---
 quai/filters/api.go           | 6 ++++++
 quai/filters/filter_system.go | 5 +++++
 2 files changed, 11 insertions(+)

diff --git a/quai/filters/api.go b/quai/filters/api.go
index 2f69ac1724..0347931c84 100644
--- a/quai/filters/api.go
+++ b/quai/filters/api.go
@@ -40,6 +40,7 @@ import (
 
 const (
 	c_pendingHeaderChSize = 20
+	MaxFilterRange        = 10000
 )
 
 // filter is a helper struct that holds meta information over the filter type
@@ -535,6 +536,11 @@ func (api *PublicFilterAPI) GetLogs(ctx context.Context, crit FilterCriteria) ([
 		if crit.ToBlock != nil {
 			end = crit.ToBlock.Int64()
 		}
+		if begin > end {
+			return nil, errors.New("fromBlock must be less than or equal to toBlock")
+		} else if end-begin > MaxFilterRange {
+			return nil, fmt.Errorf("filter range must be less than or equal to %d", MaxFilterRange)
+		}
 		// Construct the range filter
 		filter = NewRangeFilter(api.backend, begin, end, addresses, crit.Topics, api.backend.Logger())
 	}
diff --git a/quai/filters/filter_system.go b/quai/filters/filter_system.go
index 772ad0c51a..fb34732788 100644
--- a/quai/filters/filter_system.go
+++ b/quai/filters/filter_system.go
@@ -221,6 +221,11 @@ func (es *EventSystem) SubscribeLogs(crit quai.FilterQuery, logs chan []*types.L
 		to = rpc.BlockNumber(crit.ToBlock.Int64())
 	}
 
+	// Enforce max range of 10,000 blocks
+	if from >= 0 && to >= 0 && to > from && to-from > MaxFilterRange {
+		return nil, fmt.Errorf("invalid from and to block combination: block range > %d", MaxFilterRange)
+	}
+
 	// only interested in pending logs
 	if from == rpc.PendingBlockNumber && to == rpc.PendingBlockNumber {
 		return es.subscribePendingLogs(crit, logs), nil