Give allocation back if signature validation fails

Author: brunorijsman

hub/peer_client.py

@@ -106,7 +106,10 @@ async def check_request_signature(self, raw_request: fastapi.Request):
         computed_signature = signing_key.sign([query, body])
         signature_ok = received_signature.same_as(computed_signature)
         if not signature_ok:
-            # TODO: Give allocation back to pool
+            # If the signature validation fails, we give the allocation for the signing key
+            # back to the pool. This is to prevent an attacker exhausting the pool (denial of
+            # service) by sending lots of badly signed messages.
+            allocation.give_back()
             LOGGER.warning(
                 f"Invalid signature received from peer client '{self._client_name}'"
             )