Description
Every blocking call in the endorsement flow -- waiting for a signer reply, an auditor signature, or a distribution acknowledgement -- must be bounded by a hard deadline. Implement per-session and per-phase timeouts (e.g., via context.WithTimeout or equivalent FSC session deadline APIs) so that a slow, silent, or malicious remote party cannot hold a goroutine and its associated resources indefinitely. When a deadline expires the session must be torn down and its resources released immediately, preventing accumulation of zombie sessions.
Short Summary
Today there is a timeout at the view level but none at the lower levels (e.g., DB access). Also check whether all resources are actually freed when a view times out.
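An added example (not the project's own code) of the per-phase deadline the description asks for: runPhase wraps one blocking step of the flow in context.WithTimeout and tears the session down when the deadline fires, so a step blocked on a silent peer is released rather than leaked. Session, Receive and Close are constructed stand-ins for an FSC session, not its real API.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// ErrSessionClosed is returned by Receive once the session has been torn down.
var ErrSessionClosed = errors.New("session closed")

// Session is a constructed stand-in for an FSC session; a silent peer never sends on incoming.
type Session struct {
	incoming chan []byte
	done     chan struct{}
}

func NewSession() *Session {
	return &Session{incoming: make(chan []byte), done: make(chan struct{})}
}

// Receive blocks until the peer sends or the session is closed; like a raw read it ignores ctx.
func (s *Session) Receive() ([]byte, error) {
	select {
	case msg := <-s.incoming:
		return msg, nil
	case <-s.done:
		return nil, ErrSessionClosed
	}
}

// Close tears the session down (once, by runPhase), unblocking every pending Receive.
func (s *Session) Close() { close(s.done) }

// runPhase runs one blocking step under a per-phase deadline derived from the
// session-level ctx; if the deadline expires first, the session is torn down.
func runPhase(ctx context.Context, s *Session, phase string, d time.Duration, step func() error) error {
	phaseCtx, cancel := context.WithTimeout(ctx, d)
	defer cancel()
	result := make(chan error, 1) // buffered: the goroutine can finish after we stop listening
	go func() { result <- step() }()
	select {
	case err := <-result:
		return err
	case <-phaseCtx.Done():
		s.Close()
		return fmt.Errorf("phase %s: %w", phase, phaseCtx.Err())
	}
}
```

Nest the per-phase duration under a session-level context.WithTimeout so the whole endorsement flow is bounded as well, and check the returned error with errors.Is(err, context.DeadlineExceeded) to distinguish a timeout from a protocol failure.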