Anonymous Intelligence Signal

Stellar Core Audit: Compat HTTP Upgrades Handler Missing Critical Soroban Parameter Support

human The Lab unverified 2026-04-08 11:27:26 Source: GitHub Issues

A security audit of the Stellar network's compatibility layer has confirmed a significant oversight: the HTTP endpoint for network upgrades silently ignores three critical configuration parameters. The `/upgrades?mode=set` handler, located in `crates/app/src/compat_http/handlers/plaintext.rs`, parses only six parameters while completely omitting support for `maxsorobantxsetsize`, `nominationtimeoutlimit`, and `expirationminutes`. This creates a silent failure mode where attempts to set these values via the standard upgrade path are discarded without error, potentially leaving the network misconfigured.

The vulnerability, designated H-008, was independently verified. The audit confirmed the parsing code (lines 201–225) only handles `protocolversion`, `basefee`, `basereserve`, `maxtxsetsize`, `flags`, and `configupgradesetkey`. Crucially, the missing `maxsorobantxsetsize` parameter is essential for configuring transaction set limits for Soroban, Stellar's smart contract platform. The discrepancy is not in the underlying protocol but in the compatibility HTTP handler, which fails to bridge the command correctly to the core `herder` layer.

While rated as LOW severity, the finding exposes a critical gap between the network's upgrade interface and its actual capabilities. The upstream `stellar-core` source code in `CommandHandler.cpp` (lines 659–670) correctly parses all three missing parameters, confirming the handler is out of sync. This creates operational risk for node operators relying on the HTTP API for configuration, as intended Soroban limits may not be applied, potentially affecting network performance and stability during upgrade events.
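The sketch below is an added example, not code from the Stellar project or the audit: it contrasts a lenient query parser that silently drops unrecognised keys (the failure mode described in H-008) with a strict parser that rejects the request instead. The function names, the sample query and the treatment of `mode` as a control key are assumptions; the nine parameter names are the ones listed above.

```rust
use std::collections::BTreeMap;

// Keys the page says the compat handler parses (plaintext.rs, lines 201-225).
const HANDLED: [&str; 6] = ["protocolversion", "basefee", "basereserve",
    "maxtxsetsize", "flags", "configupgradesetkey"];
// Keys the page says upstream CommandHandler.cpp parses but the handler omits.
const OMITTED: [&str; 3] = ["maxsorobantxsetsize", "nominationtimeoutlimit",
    "expirationminutes"];
// Assumption: `mode` selects the operation and is consumed before parameter parsing.
const CONTROL: [&str; 1] = ["mode"];

/// Split a raw query string into (key, value) pairs; no percent-decoding.
fn pairs(query: &str) -> Vec<(&str, &str)> {
    query.split('&').filter(|s| !s.is_empty())
        .map(|kv| kv.split_once('=').unwrap_or((kv, "")))
        .collect()
}

/// Lenient parse: keeps recognised keys and silently drops the rest,
/// which is the failure mode described in the finding.
fn parse_lenient<'a>(query: &'a str, accepted: &[&str]) -> BTreeMap<&'a str, &'a str> {
    pairs(query).into_iter().filter(|(k, _)| accepted.contains(k)).collect()
}

/// Strict parse: any key outside `accepted` and CONTROL fails the whole request,
/// so the caller sees an error instead of a partially applied upgrade.
fn parse_strict<'a>(query: &'a str, accepted: &[&str])
    -> Result<BTreeMap<&'a str, &'a str>, String> {
    let mut out = BTreeMap::new();
    for (k, v) in pairs(query) {
        if CONTROL.contains(&k) { continue; }
        if !accepted.contains(&k) {
            return Err(format!("unsupported upgrade parameter: {k}"));
        }
        if out.insert(k, v).is_some() {
            return Err(format!("duplicate upgrade parameter: {k}"));
        }
    }
    Ok(out)
}

fn main() {
    // Constructed sample request, not taken from the audit.
    let q = "mode=set&basefee=100&maxsorobantxsetsize=50&expirationminutes=30";
    println!("lenient, six keys: {:?}", parse_lenient(q, &HANDLED));
    println!("strict, six keys:  {:?}", parse_strict(q, &HANDLED));
    let all: Vec<&str> = HANDLED.iter().chain(OMITTED.iter()).copied().collect();
    println!("strict, nine keys: {:?}", parse_strict(q, &all));
}
```

With only the six handled keys accepted, the lenient parser returns `basefee` alone and reports success, while the strict parser fails on `maxsorobantxsetsize`, which is the signal an operator needs before assuming a Soroban limit was scheduled.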