When a KADEMLIA2_REQ has been sent and the response is coming back from the responding node there is a check in CSearch::ProcessResponse() whether the asked node is sending more contacts than asked for.
But - unless I've missed something - there is no check in Process_KADEMLIA2_RES() to prevent attempts by the responding node to add more contacts to the asking node's routing table than expected. I've a feeling this could be exploited, especially if the asking node's client just has started and the routing table is building up.
This post has been edited by Nissenice: 04 October 2011 - 08:46 PM