Commit: 2f26d91 · Finding: SEC-V-08
Problem
The ManagedDag pending buffer is capped at MAX_CLIENT_PENDING = 5_000 (crates/client/src/state_actors.rs:198) with defaults at crates/state/src/sync.rs:139-142. It has no per-author cap.
A single misbehaving signer (any valid DAG identity — free to generate) can broadcast 5,000 events with unresolved prev/deps, filling 100% of the pending slots. Legitimate events arriving out-of-order during the 1-hour eviction window are dropped.
Fix
Add a per-author sub-cap (e.g. pending_max_entries / 50) inside PendingBuffer::insert so one signer cannot consume the whole buffer. Emit a tracing::warn! the first time an author hits the sub-cap.
Obvious fix — will be auto-PR'd.
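A sketch of the per-author sub-cap described above, as an added example and not the crate's own PendingBuffer: the author type, the (author, event id) entries, and the once-per-author warning via eprintln are assumptions standing in for the real types and for tracing::warn!.

```rust
use std::collections::{HashMap, HashSet};

/// Hypothetical signer identity; the crate's real type is not on the page (assumption).
pub type AuthorId = u64;

#[derive(Debug, PartialEq)]
pub enum Rejected {
    BufferFull,
    AuthorCapReached,
}

/// Simplified pending buffer: entries are (author, event id); prev/deps resolution and
/// the 1-hour eviction are omitted so the example focuses on the cap logic.
pub struct PendingBuffer {
    max_entries: usize,
    per_author_max: usize,
    events: Vec<(AuthorId, u64)>,
    per_author: HashMap<AuthorId, usize>,
    warned: HashSet<AuthorId>,
}

impl PendingBuffer {
    /// Sub-cap follows the finding's suggestion: pending_max_entries / 50 (at least 1).
    pub fn new(max_entries: usize) -> Self {
        PendingBuffer {
            max_entries,
            per_author_max: (max_entries / 50).max(1),
            events: Vec::new(),
            per_author: HashMap::new(),
            warned: HashSet::new(),
        }
    }

    pub fn insert(&mut self, author: AuthorId, event_id: u64) -> Result<(), Rejected> {
        if self.events.len() >= self.max_entries {
            return Err(Rejected::BufferFull);
        }
        let count = self.per_author.entry(author).or_insert(0);
        if *count >= self.per_author_max {
            // Warn only the first time this author hits the sub-cap (tracing::warn! in the crate).
            if self.warned.insert(author) {
                eprintln!("author {} hit per-author pending cap {}", author, self.per_author_max);
            }
            return Err(Rejected::AuthorCapReached);
        }
        *count += 1;
        self.events.push((author, event_id));
        Ok(())
    }
    pub fn len(&self) -> usize { self.events.len() }
    pub fn warned_authors(&self) -> usize { self.warned.len() }
}
```

With a 5,000-entry buffer a single signer is stopped at 100 pending events, and other authors still have 4,900 slots.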