blockchaininfinite-loopmalwareinternet-computer

Non-upgradeability due to infinite execution time (if any)?


I read somewhere that canister upgrades can be (e.g. maliciously) prevented by another canister called by it by not returning from the call.

But how come that a call could not return? It is limited by 40 Billion cycles, so any update call finishes in a finite time, doesn't it? What is this time? Can a hacker prolong this time by doing repeated HTTPS outcalls (a slow operation)?

I see a contradiction: I read that canister update may not return in a finite time, but here it is limited. Explain me, please.

P.S. Kapa.AI: "we can estimate that 40 billion instructions would take approximately 2 seconds to execute"


Solution

  • A malicious canister could implement an infinite loop, waiting for responses from other canisters, such as the following Rust code:

    fn malicious_update() {
        loop {
            call(another_canister).await
        }
    }
    

    While a malicious canister is expected to eventually exhaust its cycles, it can effectively delay a response indefinitely.