Soroban Validator Security Gap: Query Server Allowed on Networked Nodes, Contradicting Stellar-Core
A critical configuration validation gap has been confirmed in the Soroban smart contract platform's validator software. The `app` crate's configuration logic fails to enforce a key security rule, allowing a query server to be enabled on a networked validator node. This directly contradicts the upstream guard in the Stellar network's core software, `stellar-core`, which unconditionally rejects such a configuration as invalid.
Independent adversarial review of the code confirms the finding. In `stellar-core` (ApplicationImpl.cpp), a networked validator (`NODE_IS_VALIDATOR && !RUN_STANDALONE`) is explicitly prohibited from having a non-zero `HTTP_QUERY_PORT`. The code throws an `std::invalid_argument` exception to enforce this. However, the corresponding validation function in Soroban's `AppConfig::validate()` (config.rs, lines 1464-1479) contains no such check. It only verifies that the `query.port` does not collide with other HTTP ports, completely omitting the critical validation against the `is_validator` flag.
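As an added illustration (not code from Soroban or stellar-core), the following Rust model contrasts the two validation behaviours described above: a collision-only check like the one the page attributes to `AppConfig::validate()`, and a hardened variant that also applies the stellar-core rule for networked validators. The `AppConfig` struct, its field names and the sample port numbers are assumptions constructed for the example.

```rust
// Added example; the struct and field names are assumptions, not Soroban's
// real AppConfig. Port values below are constructed sample values.

#[derive(Debug, Clone, PartialEq)]
pub struct AppConfig {
    pub is_validator: bool,  // analogue of NODE_IS_VALIDATOR
    pub run_standalone: bool, // analogue of RUN_STANDALONE
    pub http_port: u16,       // main HTTP port
    pub query_port: u16,      // analogue of HTTP_QUERY_PORT; 0 = query server disabled
}

#[derive(Debug, PartialEq)]
pub enum ConfigError {
    PortCollision(u16),
    QueryServerOnNetworkedValidator(u16),
}

/// Collision-only validation, as the page describes the current Soroban check:
/// a non-zero query port must not reuse the main HTTP port, nothing more.
pub fn validate_current(cfg: &AppConfig) -> Result<(), ConfigError> {
    if cfg.query_port != 0 && cfg.query_port == cfg.http_port {
        return Err(ConfigError::PortCollision(cfg.query_port));
    }
    Ok(())
}

/// Hardened validation: keeps the collision check and adds the stellar-core
/// rule that a networked validator (is_validator && !run_standalone) must not
/// enable the query server (non-zero query_port).
pub fn validate_hardened(cfg: &AppConfig) -> Result<(), ConfigError> {
    validate_current(cfg)?;
    if cfg.is_validator && !cfg.run_standalone && cfg.query_port != 0 {
        return Err(ConfigError::QueryServerOnNetworkedValidator(cfg.query_port));
    }
    Ok(())
}

fn main() {
    // Constructed sample: a networked validator with the query server enabled.
    let cfg = AppConfig { is_validator: true, run_standalone: false, http_port: 8000, query_port: 8001 };
    println!("collision-only check: {:?}", validate_current(&cfg)); // Ok(())
    println!("hardened check:       {:?}", validate_hardened(&cfg)); // Err(QueryServerOnNetworkedValidator(8001))
}
```

The same configuration passes the collision-only check and is rejected by the hardened one, which is exactly the divergence between the two codebases that the page reports.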
This mismatch creates a potential attack surface and configuration drift between the two codebases. While the severity is currently assessed as LOW, the absence of this guard represents a clear deviation from established security posture for validator nodes. It introduces a risk that a validator operator could inadvertently deploy a node in a state explicitly forbidden by the upstream protocol's security model, potentially exposing query interfaces on sensitive infrastructure.