Problem
All actor mailboxes in crates/actor/src/runtime.rs:108-120 use tokio::sync::mpsc::unbounded_channel() and futures_channel::mpsc::unbounded(). No actor has backpressure or capacity limits.
This affects every actor in the system:
- Worker: NetworkActor, StateActor, HeartbeatActor, SyncActor
- Client: StateActor instances for ServerState, DagState, ChatMeta, etc.
A malicious peer flooding gossip messages causes unbounded mailbox growth in the NetworkActor, which forwards to StateActor, causing cascading OOM.
Impact
- Any actor can be OOM-crashed by sustained message flooding
- No backpressure — producers never slow down
- Affects both worker and client actor systems
Suggested fix
Replace unbounded_channel() with bounded channels:
let (tx, rx) = tokio::sync::mpsc::channel(10_000); // Bounded with backpressure
Or add per-actor message count metrics and drop/log when threshold exceeded.
Location
crates/actor/src/runtime.rs:108-120
References
Found during deep implementation audit (pass 2)
Problem
All actor mailboxes in
crates/actor/src/runtime.rs:108-120usetokio::sync::mpsc::unbounded_channel()andfutures_channel::mpsc::unbounded(). No actor has backpressure or capacity limits.This affects every actor in the system:
A malicious peer flooding gossip messages causes unbounded mailbox growth in the NetworkActor, which forwards to StateActor, causing cascading OOM.
Impact
Suggested fix
Replace
unbounded_channel()with bounded channels:Or add per-actor message count metrics and drop/log when threshold exceeded.
Location
crates/actor/src/runtime.rs:108-120References
Found during deep implementation audit (pass 2)