If your elixir system accepts any outside inputs and takes any part of those outside inputs and calls
String.to_atom with the input as an argument then your elixir system is subject to a denial of service attack.
Malicious actors can submit input designed to dynamically create a large number of atoms until the atom limit is reached, knocking out your elixir applications.
String.to_existing_atom instead. If the argument to this function cannot be converted to an existing atom then an exception will be thrown.
> String.to_existing_atom("I don't exist") ** (ArgumentError) argument error :erlang.binary_to_existing_atom("nothere", :utf8) > String.to_atom("I don't exist") :"I don't exist" > String.to_existing_atom("I don't exist") :"I don't exist"