[SECURITY] Add unlock attempt rate limiting in service worker

[wheval]

Summary

Throttle failed password unlock attempts to reduce brute force risk.

Background

Medium-effort, independently implementable task. Not part of Stellar Wave program tracking.

Scope

• apps/extension-wallet/src/background/service-worker.ts

Files to create / modify

Track failures in session storage with exponential backoff.

Example implementation

if (failures >= 5) return { ok: false, retryAfterMs: backoffMs };

Acceptance criteria

• Lockout after N failures
• Success resets counter
• User-visible retry message
• Tests with fake timers

Difficulty

Medium

Labels

enhancement, medium, security, extension

[dubemoyibe-star]

@dubemoyibe-star has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

hey can i work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @dubemoyibe-star to this issue.

[davidsoniaudin2-oss]

@davidsoniaudin2-oss has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

will love to work on this issue

ℹ️ Repo Maintainers: To accept this application, review their application or assign @davidsoniaudin2-oss to this issue.

[kingbitnation]

@kingbitnation has applied to work on this issue as part of the Stellar Wave Program's 5th wave.

Hello i would love to work on this.

ℹ️ Repo Maintainers: To accept this application, review their application or assign @kingbitnation to this issue.

[drips-wave]

Congratulations, @kingbitnation! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 2, 2026.

🧑‍💻 @kingbitnation: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊