Nettitude has found a memory leak in the Iroha daemon which can be triggered remotely. In a test run in which the supplied example script “tx-example.py” was executed 5000 times, a total of 1920288 bytes in 20003 blocks was leaked. This corresponds to an average of 384 bytes lost per iteration.
Taken to extremes, this behaviour could be used to mount a denial of service attack (although the number of transactions required would be large).
An attempt was made to demonstrate this using the ulimit command to constrain the amount of memory available to the irohad daemon. This was nominally successful, resulting in a segmentation fault, although fragmentation of the heap will also have contributed to that outcome.
The cause in all of the cases observed appears to be a failure to delete the object returned by the function shared_model::interface::Transaction::makeOldModel(). Currently this object is returned as a built-in (raw) pointer. In some instances the caller then converts it to a shared_ptr, but not all callers do this (and in any event, this course of action is less safe than using make_shared).
The safest solution would be for makeOldModel to be altered to return a shared_ptr, with appropriate changes at points where it is called.
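The ownership problem and the recommended fix can be shown side by side. The following is an added example, not Iroha's own code: `Transaction`, `OldTransaction`, `makeOldModelRaw`, `makeOldModelShared` and the two caller functions are hypothetical stand-ins, and the payload size is arbitrary. A live-object counter plays the role of the heap checker.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>

static std::size_t g_live = 0;  // objects currently allocated (stand-in for a heap checker)

// Hypothetical stand-in for the object returned by makeOldModel().
struct OldTransaction {
    OldTransaction() { ++g_live; }
    OldTransaction(const OldTransaction&) = delete;
    OldTransaction& operator=(const OldTransaction&) = delete;
    ~OldTransaction() { --g_live; }
    char payload[64] = {};  // arbitrary size, constructed for the example
};

// Hypothetical stand-in for shared_model::interface::Transaction.
struct Transaction {
    // Pattern from the report: ownership is handed over through a built-in
    // pointer, so every caller has to remember to delete the result.
    OldTransaction* makeOldModelRaw() const { return new OldTransaction(); }

    // Recommended pattern: the return type itself carries ownership.
    std::shared_ptr<OldTransaction> makeOldModelShared() const {
        return std::make_shared<OldTransaction>();
    }
};

// Caller that uses the raw result and never deletes it: one object lost per call.
std::size_t leaked_by_raw_caller(std::size_t iterations) {
    const std::size_t before = g_live;
    Transaction tx;
    for (std::size_t i = 0; i < iterations; ++i) {
        OldTransaction* old = tx.makeOldModelRaw();
        old->payload[0] = 1;  // object is used, then the pointer goes out of scope
    }
    return g_live - before;
}

// Same caller against the shared_ptr interface: nothing to forget.
std::size_t leaked_by_shared_caller(std::size_t iterations) {
    const std::size_t before = g_live;
    Transaction tx;
    for (std::size_t i = 0; i < iterations; ++i) {
        auto old = tx.makeOldModelShared();
        old->payload[0] = 1;  // released automatically at the end of each iteration
    }
    return g_live - before;
}

int main() {
    std::printf("raw caller leaked:    %zu\n", leaked_by_raw_caller(100));
    std::printf("shared caller leaked: %zu\n", leaked_by_shared_caller(100));
}
```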