I read somewhere that canister upgrades can be (e.g. maliciously) prevented by another canister called by it by not returning from the call.
But how come that a call could not return? It is limited by 40 Billion cycles, so any update call finishes in a finite time, doesn't it? What is this time? Can a hacker prolong this time by doing repeated HTTPS outcalls (a slow operation)?
I see a contradiction: I read that canister update may not return in a finite time, but here it is limited. Explain me, please.
P.S. Kapa.AI: "we can estimate that 40 billion instructions would take approximately 2 seconds to execute"
A malicious canister could implement an infinite loop, waiting for responses from other canisters, such as the following Rust code:
fn malicious_update() {
loop {
call(another_canister).await
}
}
While a malicious canister is expected to eventually exhaust its cycles, it can effectively delay a response indefinitely.