fix: bound keyurl caches with FIFO eviction to prevent memory leak

luchobonatti · luchobonatti · commit 559671fece40 · 2026-04-09T12:36:39.000-03:00
Replace unbounded Record/Map caches in networkV1.ts and AbstractRelayerProvider.ts with Map<string, CachedKey> bounded to MAX_KEYURL_CACHE_SIZE=16 entries. FIFO eviction via Map insertion order prevents indefinite growth in long-running server processes. Closes zama-ai#336
diff --git a/src/relayer-provider/AbstractRelayerProvider.ts b/src/relayer-provider/AbstractRelayerProvider.ts
@@ -49,7 +49,9 @@ import { uintToHex } from '@base/uint';
 ////////////////////////////////////////////////////////////////////////////////
 
 // Cache promises to avoid race conditions when multiple concurrent calls
-// are made before the first one completes
+// are made before the first one completes.
+// Bounded to MAX_KEYURL_CACHE_SIZE with FIFO eviction. Mirrors networkV1.ts.
+const MAX_KEYURL_CACHE_SIZE = 16;
 const privateKeyurlCache = new Map<string, Promise<TFHEPkeParams>>();
 
 /**
@@ -106,6 +108,9 @@ export abstract class AbstractRelayerProvider {
       throw err;
     });
 
+    if (privateKeyurlCache.size >= MAX_KEYURL_CACHE_SIZE) {
+      privateKeyurlCache.delete(privateKeyurlCache.keys().next().value!);
+    }
     privateKeyurlCache.set(this.#relayerUrl, promise);
 
     return promise;
diff --git a/src/relayer-provider/v1/networkV1.test.ts b/src/relayer-provider/v1/networkV1.test.ts
@@ -1,5 +1,5 @@
 import type { RelayerGetResponseKeyUrlSnakeCase } from '../types/private';
-import { getKeysFromRelayer } from './networkV1';
+import { getKeysFromRelayer, _clearKeyurlCache } from './networkV1';
 import { tfheCompactPkeCrsBytes, tfheCompactPublicKeyBytes } from '../../test';
 import { SERIALIZED_SIZE_LIMIT_PK } from '../../sdk/lowlevel/constants';
 import fetchMock from 'fetch-mock';
@@ -134,9 +134,22 @@ const payload: RelayerGetResponseKeyUrlSnakeCase = {
 const describeIfFetchMock =
   TEST_CONFIG.type === 'fetch-mock' ? describe : describe.skip;
 
+const pubKeyUrl = payload.response.fhe_key_info[0].fhe_public_key.urls[0];
+const crsUrl = payload.response.crs['2048'].urls[0];
+
 ////////////////////////////////////////////////////////////////////////////////
 
 describeIfFetchMock('network', () => {
+  beforeEach(() => {
+    _clearKeyurlCache();
+    fetchMock.removeRoutes();
+  });
+
+  afterEach(() => {
+    _clearKeyurlCache();
+    fetchMock.removeRoutes();
+  });
+
   it('getKeysFromRelayer', async () => {
     fetchMock.get('https://test-relayer.net/v1/keyurl', payload);
 
@@ -156,4 +169,58 @@ describeIfFetchMock('network', () => {
       material.publicKey.safe_serialize(SERIALIZED_SIZE_LIMIT_PK),
     ).toStrictEqual(tfheCompactPublicKeyBytes);
   });
+
+  it('cache hit: second call returns same object, /keyurl called once', async () => {
+    let keyurlCallCount = 0;
+    fetchMock.get(TEST_CONFIG.v1.urls.keyUrl, () => {
+      keyurlCallCount++;
+      return payload;
+    });
+    fetchMock.get(pubKeyUrl, tfheCompactPublicKeyBytes);
+    fetchMock.get(crsUrl, tfheCompactPkeCrsBytes);
+
+    const r1 = await getKeysFromRelayer(TEST_CONFIG.v1.urls.base);
+    const r2 = await getKeysFromRelayer(TEST_CONFIG.v1.urls.base);
+
+    expect(r1).toBe(r2);
+    expect(keyurlCallCount).toBe(1);
+  });
+
+  it('FIFO eviction: 17th URL evicts url-00', async () => {
+    const keyurlCallCounts: number[] = new Array(17).fill(0) as number[];
+
+    // Asset mocks registered once — all 17 payloads reference the same asset URLs
+    fetchMock.get(pubKeyUrl, tfheCompactPublicKeyBytes);
+    fetchMock.get(crsUrl, tfheCompactPkeCrsBytes);
+
+    // Register 17 unique keyurl mocks
+    for (let n = 0; n < 17; n++) {
+      const idx = n;
+      fetchMock.get(
+        `https://test-relayer.net/url-${String(idx).padStart(2, '0')}/keyurl`,
+        () => {
+          keyurlCallCounts[idx]++;
+          return payload;
+        },
+      );
+    }
+
+    // Fill cache with url-00..url-15 (16 entries)
+    for (let n = 0; n < 16; n++) {
+      await getKeysFromRelayer(
+        `https://test-relayer.net/url-${String(n).padStart(2, '0')}`,
+      );
+    }
+
+    // Insert url-16 — evicts url-00
+    await getKeysFromRelayer('https://test-relayer.net/url-16');
+
+    // url-01 is still in cache (only url-00 was evicted)
+    await getKeysFromRelayer('https://test-relayer.net/url-01');
+    expect(keyurlCallCounts[1]).toBe(1);
+
+    // Re-fetch url-00 — was evicted, must hit network again
+    await getKeysFromRelayer('https://test-relayer.net/url-00');
+    expect(keyurlCallCounts[0]).toBe(2);
+  });
 });
diff --git a/src/relayer-provider/v1/networkV1.ts b/src/relayer-provider/v1/networkV1.ts
@@ -26,7 +26,17 @@ type CachedKey = {
 
 ////////////////////////////////////////////////////////////////////////////////
 
-const keyurlCache: Record<string, CachedKey> = {};
+// Bounded FIFO cache. Mirrors MAX_KEYURL_CACHE_SIZE in AbstractRelayerProvider.ts.
+const MAX_KEYURL_CACHE_SIZE = 16;
+const keyurlCache = new Map<string, CachedKey>();
+
+/**
+ * Clears the keyurl cache. Exported for testing purposes only.
+ * @internal
+ */
+export function _clearKeyurlCache(): void {
+  keyurlCache.clear();
+}
 
 ////////////////////////////////////////////////////////////////////////////////
 
@@ -35,8 +45,8 @@ export async function getKeysFromRelayer(
   publicKeyId?: string | null,
   options?: FhevmInstanceOptions,
 ): Promise<CachedKey> {
-  if (versionUrl in keyurlCache) {
-    return keyurlCache[versionUrl];
+  if (keyurlCache.has(versionUrl)) {
+    return keyurlCache.get(versionUrl)!;
   }
 
   const data: RelayerGetResponseKeyUrlSnakeCase = (await fetchRelayerV1Get(
@@ -139,7 +149,10 @@ export async function getKeysFromRelayer(
         },
       },
     };
-    keyurlCache[versionUrl] = result;
+    if (keyurlCache.size >= MAX_KEYURL_CACHE_SIZE) {
+      keyurlCache.delete(keyurlCache.keys().next().value!);
+    }
+    keyurlCache.set(versionUrl, result);
     return result;
   } catch (e) {
     throw new Error('Impossible to fetch public key: wrong relayer url.', {
diff --git a/src/relayer-provider/v2/RelayerV2Provider_keyurl.test.ts b/src/relayer-provider/v2/RelayerV2Provider_keyurl.test.ts
@@ -441,6 +441,41 @@ describeIfFetchMock('RelayerV2Provider - TFHEPkeParams Caching', () => {
     expect(mockTFHEPkeParamsFetch).toHaveBeenCalledTimes(1);
   });
 
+  it('FIFO eviction: 17th provider evicts first provider cache entry', async () => {
+    const BASE_URL = 'https://test-relayer.net/eviction';
+
+    // Register 17 unique /keyurl mocks
+    for (let n = 0; n < 17; n++) {
+      fetchMock.get(
+        `${BASE_URL}/provider-${String(n).padStart(2, '0')}/keyurl`,
+        relayerV1ResponseGetKeyUrl,
+      );
+    }
+
+    // Create 17 providers
+    const providers = Array.from({ length: 17 }, (_, n) =>
+      createRelayerProvider(
+        `${BASE_URL}/provider-${String(n).padStart(2, '0')}`,
+        1,
+      ),
+    );
+
+    // Fetch all 17 — fills the cache to 16 and evicts provider-00 on provider-16
+    for (const provider of providers) {
+      await provider.fetchTFHEPkeParams();
+    }
+
+    expect(mockTFHEPkeParamsFetch).toHaveBeenCalledTimes(17);
+
+    // provider-01 is still in cache (only provider-00 was evicted by provider-16)
+    await providers[1].fetchTFHEPkeParams();
+    expect(mockTFHEPkeParamsFetch).toHaveBeenCalledTimes(17);
+
+    // Re-fetch provider-00 — it was evicted, so spy should be called again
+    await providers[0].fetchTFHEPkeParams();
+    expect(mockTFHEPkeParamsFetch).toHaveBeenCalledTimes(18);
+  });
+
   it('caches separately for different relayer URLs', async () => {
     const testRelayerUrlV2 = TEST_CONFIG.v2.fhevmInstanceConfig.relayerUrl;
     let fetchCount1 = 0;
