
Denial-of-Service when using getPastLogs API

Open JosephK95 opened this issue 3 years ago • 0 comments

Description

When we execute the getPastLogs API, it seems that Besu falls into a DoS state if the toBlock parameter receives a very large value. Subsequent RPC requests do not receive any responses.

Steps to Reproduce (Bug)

  1. Download the following file and untar it: dos.tar.gz
  2. Untar the data-besu.tar.gz file in the 'dos' directory.
  3. Execute Besu binary with the following flags: besu --data-path dos/data-besu --genesis-file dos/besu.json --rpc-http-port 8549 --rpc-http-enabled --rpc-http-api ETH --network-id 15 --discovery-enabled false
  4. Execute the test case file: node dos/test1.js

Expected behavior: Besu should return an array of log objects or perform error handling.

Actual behavior: No response for approximately 5 minutes, after which the request resolves with a "Gateway Timeout" error.

2022-08-10 14:14:07.643+09:00 | vertx-blocked-thread-checker | WARN  | BlockedThreadChecker | Thread Thread[vert.x-worker-thread-0,5,main] has been blocked for 299538 ms, time limit is 60000 ms
io.vertx.core.VertxException: Thread blocked

Frequency: Always

Versions (Add all that apply)

  • Software version: besu/v22.4.4/linux-x86_64/openjdk-java-16
  • OS Name & Version: Ubuntu 20.04.4 LTS
  • Node.js / web3.js versions: v16.15.0 / v1.7.3

JosephK95 commented Aug 10 '22 05:08
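The report above describes a log query whose toBlock lies far beyond the chain head tying up a worker thread for minutes. The following is an added example, not code from the Besu project or from the issue author, of the kind of range guard a JSON-RPC front end, reverse proxy or client wrapper can apply to an eth_getLogs / getPastLogs filter before the node scans anything: it resolves fromBlock/toBlock to integers, rejects values that are not valid block heights, clamps toBlock to the current head, and refuses ranges wider than a configured limit. The function names `resolveBlock`, `guardLogFilter` and `demo`, and the limit of 5000 blocks, are assumptions made for this example and are not Besu settings.

```javascript
// Added example, not code from the Besu project or from the issue author.
// A block-range guard for eth_getLogs / getPastLogs filters: resolve the
// block parameters, clamp toBlock to the head, and bound the range so one
// request with an enormous toBlock cannot pin a worker thread.

const DEFAULT_MAX_LOG_RANGE = 5000; // assumed policy value for this example

// Resolve a JSON-RPC block parameter to a non-negative safe integer.
// Accepts numbers, 0x-prefixed hex strings, decimal strings and the tags
// "latest", "pending" and "earliest". Anything else is rejected.
function resolveBlock(value, head, fallback) {
  if (value === undefined || value === null) return fallback;
  if (value === 'latest' || value === 'pending') return head;
  if (value === 'earliest') return 0;
  let n;
  if (typeof value === 'number') {
    n = value;
  } else if (typeof value === 'string' && /^0x[0-9a-fA-F]+$/.test(value)) {
    n = Number.parseInt(value, 16);
  } else if (typeof value === 'string' && /^[0-9]+$/.test(value)) {
    n = Number.parseInt(value, 10);
  } else {
    throw new RangeError(`invalid block parameter: ${JSON.stringify(value)}`);
  }
  // Values at or beyond 2^53 lose precision and are never legitimate heights.
  if (!Number.isSafeInteger(n) || n < 0) {
    throw new RangeError(`block number out of range: ${JSON.stringify(value)}`);
  }
  return n;
}

// Return a sanitised copy of the filter with numeric fromBlock/toBlock, or
// throw a RangeError that the caller maps to a JSON-RPC error response.
function guardLogFilter(filter, head, maxRange = DEFAULT_MAX_LOG_RANGE) {
  const from = resolveBlock(filter.fromBlock, head, 0);
  let to = resolveBlock(filter.toBlock, head, head);
  // Blocks past the head do not exist yet; clamping loses nothing and
  // avoids iterating over a range the node cannot serve.
  if (to > head) to = head;
  if (from > to) {
    throw new RangeError(`fromBlock ${from} is after toBlock ${to}`);
  }
  const span = to - from + 1;
  if (span > maxRange) {
    throw new RangeError(`block range of ${span} exceeds limit of ${maxRange}`);
  }
  return { ...filter, fromBlock: from, toBlock: to };
}

// Constructed demonstration: head at block 1200, one ordinary filter, one
// with a toBlock far past the head, and one whose toBlock is not a usable
// height at all. Returns one result entry per filter.
function demo() {
  const head = 1200;
  const results = [];
  for (const f of [
    { fromBlock: '0x3e8', toBlock: 'latest' },
    { fromBlock: 0, toBlock: '0x7fffffff' },
    { fromBlock: 0, toBlock: '0xffffffffffffffffffffffffffffffff' },
  ]) {
    try {
      results.push({ ok: true, filter: guardLogFilter(f, head) });
    } catch (e) {
      results.push({ ok: false, error: e.message });
    }
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The guard is deliberately placed before any chain access: the only state it needs is the current head height, so it can run in a proxy in front of the node as well as inside the RPC handler. Clamping to the head rather than rejecting an oversized toBlock keeps clients that pass a sentinel such as `0x7fffffff` working, while the range limit is what actually bounds the work per request.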