fix(signatureValidator): remove unbounded setInterval — prune nonces lazily instead #74

Description

@tmdeveloper007

Summary of What Needs to be Done

Remove the module-level setInterval from src/utils/signatureValidator.js that runs every 60 seconds to prune expired nonces from the usedNonces Map. The interval is never cleared, and in browsers the unref() call has no effect, so the timer runs for the lifetime of the page. Replace it with lazy on-demand pruning inside validateSignature.

Changes

  • Remove the module-level cleanupInterval setInterval
  • Add a pruneExpiredNonces() helper that removes entries older than MAX_REQUEST_AGE_MS
  • Call pruneExpiredNonces() once per validateSignature invocation to keep the nonce Map bounded at no extra cost

Impact

Severity: Medium — Long-running SPA sessions accumulate orphaned timer references. In apps that stay open for hours/days, the interval continues firing even after the signature validator is no longer needed.

Please assign this task to me.
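
The lazy pruning proposed in the issue above, sketched as an added example (not code from the repository or from the issue author). The 5-minute value for MAX_REQUEST_AGE_MS, the helper name checkFreshness, and storing the receive time in usedNonces are assumptions; signature verification itself is left out.

```javascript
// Added example, not the project's code.
const MAX_REQUEST_AGE_MS = 5 * 60 * 1000; // assumed value, not from the issue
const usedNonces = new Map(); // nonce -> time it was first accepted (ms)

// Drop nonces first accepted more than MAX_REQUEST_AGE_MS ago.
// A Map iterates in insertion order and entries are stamped with the
// receive time, so the oldest come first and the loop can stop early
// instead of scanning the whole Map on every call.
function pruneExpiredNonces(now) {
  for (const [nonce, seenAt] of usedNonces) {
    if (now - seenAt <= MAX_REQUEST_AGE_MS) break;
    usedNonces.delete(nonce); // deleting during Map iteration is safe
  }
}

// Hypothetical helper: the freshness and replay part of validateSignature.
// Returns { ok, reason }.
function checkFreshness(nonce, timestamp, now = Date.now()) {
  pruneExpiredNonces(now); // replaces the module-level setInterval
  const age = now - timestamp;
  // Rejecting future timestamps guarantees timestamp <= seenAt, so by the
  // time a nonce is pruned the age check alone already rejects its replay.
  if (!Number.isFinite(age) || age < 0 || age > MAX_REQUEST_AGE_MS) {
    return { ok: false, reason: 'stale' };
  }
  if (typeof nonce !== 'string' || nonce.length === 0) {
    return { ok: false, reason: 'bad-nonce' };
  }
  if (usedNonces.has(nonce)) {
    return { ok: false, reason: 'replay' };
  }
  usedNonces.set(nonce, now);
  return { ok: true, reason: null };
}
```

The pruning window and the timestamp window must be the same constant: if nonces were pruned sooner than the age check expires, a captured request could be replayed in the gap.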

Labels

  • gssoc:approved: Approved for GSSoC contribution
  • level:beginner: Small, low-risk change (≤3 files, ≤50 lines)
  • type:bug: Something is broken or incorrect
