Bound All Work Triggered by a Single Token Selection Request [HIGH] #1641

Description

@HayimShaul

Conduct an architectural review of every code path reachable from a Selector.Select call -- token iteration depth, number of lock attempts, retry and back-off cycles, and lock-store growth -- and impose hard, configurable upper bounds on each dimension. Any request that would exceed these limits must be aborted early and all acquired locks released immediately. This is the primary defence against algorithmic attacks: no matter how a request is crafted (adversarial OwnerFilter, extreme quantity, or high concurrency), the system must shed load and return an error rather than consuming unbounded memory, CPU, storage, or wall-clock time.

Short Summary
An attacker can create a transaction that selects a large amount of tokens from the database. This can exhaust the CPU and memory of the view service.
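A sketch of the bounding pattern the description asks for, added here as an illustration and not taken from the project's code: `SelectBounded`, `Limits`, `LockStore`, and the error names are hypothetical, and the lock table is a toy in-memory map. It covers two of the listed dimensions (iteration depth and locks held per request) and shows the abort path releasing every lock the request acquired.

```go
package main

import "errors"
import "fmt"

// Limits holds hypothetical per-request caps: tokens visited and locks held.
type Limits struct{ MaxScanned, MaxLocksHeld int }

var ErrBudget = errors.New("selection aborted: work budget exceeded")
var ErrInsufficient = errors.New("selection aborted: insufficient tokens")

type Token struct{ ID string; Amount uint64 }

// LockStore is a toy in-memory lock table: token ID -> holding request ID.
type LockStore map[string]string

// SelectBounded locks tokens until their sum reaches want; on any error it releases its locks.
func SelectBounded(tokens []Token, want uint64, req string, locks LockStore, lim Limits) (ids []string, err error) {
	defer func() {
		if err != nil {
			for _, id := range ids {
				delete(locks, id)
			}
			ids = nil
		}
	}()
	var sum uint64
	for scanned, t := range tokens {
		if scanned >= lim.MaxScanned || len(ids) >= lim.MaxLocksHeld {
			return ids, ErrBudget // shed load instead of scanning on
		}
		if _, held := locks[t.ID]; held {
			continue // held by another request; still counts as visited
		}
		locks[t.ID] = req
		ids = append(ids, t.ID)
		if sum += t.Amount; sum >= want {
			return ids, nil
		}
	}
	return ids, ErrInsufficient
}

func main() {
	locks := LockStore{}
	toks := []Token{{"a", 1}, {"b", 1}, {"c", 1}} // constructed sample
	_, err := SelectBounded(toks, 3, "req-1", locks, Limits{MaxScanned: 10, MaxLocksHeld: 2})
	fmt.Println(err, len(locks))
}
```
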
