DOS attack: Just simply fake some transactions with randomly generated key pairs, they will pass the validation and fill up the orphan pool(since the nodes cant find the input address).
Am I wrong with the transaction validation mechanism on the node or do I miss other technical details? Because this sounds trivial and no one thought about this?
Nearly there. The orphan pools serves primarily those without a parent transaction that can be found in their UTXO. For those transactions, they are stored in a orphan pool with a max transaction size of only 100, if I'm not wrong.
You can't do much with it. Even if you want to spam up to their limits, its fruitless and it won't be relayed to other nodes.
Oooh wait, I found it:
https://github.com/bitcoin/bitcoin/blob/3c098a8aa0780009c11b66b1a5d488a928629ebf/src/net_processing.h#L13.