Memory Leak: Unbounded keyurlCache can grow indefinitely #336

@evmparser

Memory Leak: Unbounded keyurlCache Can Grow Indefinitely

File: src/relayer/network.ts

Description

The keyurlCache object has no eviction strategy or size limits. In long-running processes with many different relayer URLs, this cache will grow indefinitely, causing memory leaks that can eventually crash the application.

Impact

  • Memory exhaustion: In long-running applications (servers, daemons, background workers), the cache will continuously grow
  • Performance degradation: As the cache grows, memory pressure increases, leading to slower performance
  • Application crashes: Eventually, the process may run out of memory and crash
  • Unpredictable behavior: For a cryptographic SDK that may be embedded in critical infrastructure, this is particularly concerning

Current Implementation

// src/relayer/network.ts
const keyurlCache = {}; // No size limits or eviction policy

The cache accumulates entries for every unique relayer URL encountered, with no mechanism to remove old or unused entries.

Suggested Fix

Implement an LRU (Least Recently Used) cache eviction strategy:

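// Use a proper LRU cache implementation
// (default import and maxAge match lru-cache v6 and earlier; v7+ renames maxAge to ttl,
// and v10+ exports the class as { LRUCache })
import LRUCache from 'lru-cache';

const keyurlCache = new LRUCache({
  max: 500, // Maximum number of items
  maxAge: 1000 * 60 * 60 // 1 hour TTL
});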

Or implement a simple size-based eviction:

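const MAX_CACHE_SIZE = 500;
const keyurlCache = {};

function addToCache(key, value) {
  // Evict only when adding a new key; overwriting an existing key does not grow the cache
  if (!Object.hasOwn(keyurlCache, key) && Object.keys(keyurlCache).length >= MAX_CACHE_SIZE) {
    // Remove the oldest entry (string keys are listed in insertion order)
    delete keyurlCache[Object.keys(keyurlCache)[0]];
  }
  keyurlCache[key] = value;
}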

Labels

  • bug
  • performance
  • memory-leak

This issue is part of a comprehensive security audit of the relayer-sdk codebase.
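
A dependency-free way to get the bounded behaviour described above, as an added example that is not from the issue or from relayer-sdk: a Map-backed cache keyed by relayer URL with both an entry cap and a TTL. The class name, its parameters, the injectable clock and the `.example` URLs are assumptions made here.

```typescript
// Added example, not relayer-sdk code; all names and .example URLs are hypothetical.
class BoundedCache<V> {
  private readonly entries = new Map<string, { value: V; expiresAt: number }>();
  private readonly maxEntries: number;
  private readonly ttlMs: number;
  private readonly now: () => number;

  constructor(maxEntries: number, ttlMs: number, now: () => number = Date.now) {
    if (!(maxEntries >= 1)) throw new RangeError("maxEntries must be >= 1"); // also rejects NaN
    this.maxEntries = maxEntries;
    this.ttlMs = ttlMs;
    this.now = now;
  }
  get size(): number { return this.entries.size; }

  get(key: string): V | undefined {
    const hit = this.entries.get(key);
    if (hit === undefined) return undefined;
    this.entries.delete(key);
    if (hit.expiresAt <= this.now()) return undefined; // expired: stays deleted
    this.entries.set(key, hit); // re-insert at the most-recently-used end
    return hit.value;
  }

  set(key: string, value: V): void {
    this.entries.delete(key); // overwriting an existing key is not growth
    if (this.entries.size >= this.maxEntries) {
      // A Map iterates in insertion order, so its first key is the least recently used.
      const oldest = this.entries.keys().next().value;
      if (oldest !== undefined) this.entries.delete(oldest);
    }
    this.entries.set(key, { value, expiresAt: this.now() + this.ttlMs });
  }
}

// Constructed workload: 1000 distinct relayer URLs against a 3-entry cache.
function demo() {
  let clock = 0;
  const cache = new BoundedCache<string>(3, 60000, () => clock);
  const hot = "https://relayer-a.example/keyurl";
  cache.set(hot, "keys-a");
  for (let i = 0; i < 1000; i++) {
    cache.get(hot); // a key that is still being read survives eviction
    cache.set(`https://relayer-${i}.example/keyurl`, `keys-${i}`);
  }
  const before = { size: cache.size, hotKept: cache.get(hot) === "keys-a" };
  clock += 60000; // advance the injected clock past the TTL
  return { ...before, hotExpired: cache.get(hot) === undefined };
}
```

The TTL is measured from the last `set`, so a read keeps an entry from being evicted but does not extend its lifetime.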
