The chances that someone who's actually looked at the code is here are very slim. I've never looked at their network code; I just know they transfer headers and white-list scripts, because that's all you need to know for what I was doing.
If there is a way to do such an attack, it's just a potential DDoS. There aren't many networking or coding experts outside of the full reference client dev community, so you'd see long waits for patches too.
That's pretty sad; perhaps Electrum should hire more developers. I see that the new version has already been updated in the changelog file, but not yet released.
And the commits are coming slowly as well on GitHub; it would be nice if more devs would work on it.
Yeah 2.7.0 or whatever it is has been in the works for months. The patches look like mostly string constant and UX changes. I use it with my cold storage on Tails so it doesn't really matter. I'm still waiting for them to use Android hardware keystore to multisig. I do portable on Windows for view only.
Regarding DDoS: Most criminals with capabilities are too busy dumping databases from all the bad development practices on "credible" bitcoin sites. I wouldn't worry about them shutting down the market or crashing values yet. Maybe when it takes more than a public SQLi fuzzer to jackpot exchanges they'll get mad and DDoS.