When a node receives a transaction, it first verifies the signature is valid or not. If the transactions pass the validation with a correct signature, they are added to the transaction pool. If a transaction’s inputs refer to a transaction that is not yet known, the orphan transaction will be stored temporarily in the orphan pool.

DOS attack: Just simply fake some transactions with randomly generated key pairs, they will pass the validation and fill up the orphan pool(since the nodes cant find the input address).

Am I wrong with the transaction validation mechanism on the node or do I miss other technical details? Because this sounds trivial and no one thought about this?