Closed shakreiner closed 1 year ago
@thehenrytsai definitely seems hi-pri, I will look at this too and see if I can confirm
@shakreiner thanks for reporting, definitely sound like a legitimate issue. I will try to reproduce this today and provide a fix.
Adding @xinaxu for awareness.
Hey, seems like the issue is fixed. Thanks!
If this is indeed the case, you can close this issue
This is indeed fixed, will wait to close until after a new release goes out.
closed as fixed
The current iterations over Update operation using the commit-reveal chain may lead to an infinite loop when trying to resolve a DID. The thing that can cause this state is having a DID with 2 Update operations, where the second operation commits to the first one again. This situation should not be allowed based on the specification (
updateCommitment
must be a new commitment in every operation), but the code doesn't seem to enforce that.I successfully created this state locally (by writing operations to the node's local mongoDB) using the following code (it uses ion-tools):
The potentially infinite loop starts here: https://github.com/decentralized-identity/sidetree/blob/c19a1ec7eca4a5d9ff24989b1f37a6ac6eff40f7/lib/core/Resolver.ts#L141
I tested it on ION and it doesn't seem to affect the core service in terms of resource exhaustion or DoS (probably due to node.js internal event queueing).
There are probably many ways of approaching a fix for that issue, such as iterating the operations based on the ledger time, or checking that the ledger time of the newly applied operation is after the previous one