Severity: Info
File: src/Servy.Core/Security/ProtectedKeyProvider.cs
Lines: 195-197
Description:
The retry loop comment promises exponential backoff:
// Exponential backoff: Wait longer with each failure
Thread.Sleep(100 * (attempt + 1));
But the math is linear: 100 * (attempt + 1) for attempt = 0, 1, 2 yields 100ms, 200ms, 300ms. True exponential would be 100 * (1 << attempt) (100, 200, 400) or 100 * Math.Pow(2, attempt).
The total wait budget is 600ms either way (3 attempts × max 300ms), so the operational impact is negligible. The bug is purely in the doc-vs-code agreement, but it sets a wrong expectation for someone copying this loop into another file (or for someone reasoning about retry storm behavior under load).
For comparison, Servy.Infrastructure/Data/DapperExecutor.cs:67/115 correctly uses Math.Pow(2, i) for the same intent.
Suggested fix:
Either fix the math to match the comment (Thread.Sleep(100 * (1 << attempt))) or fix the comment to match the math (// Linear backoff: 100ms, 200ms, 300ms). The latter is the safer minimal change.
Severity: Info
File:
src/Servy.Core/Security/ProtectedKeyProvider.csLines: 195-197
Description:
The retry loop comment promises exponential backoff:
But the math is linear:
100 * (attempt + 1)for attempt = 0, 1, 2 yields 100ms, 200ms, 300ms. True exponential would be100 * (1 << attempt)(100, 200, 400) or100 * Math.Pow(2, attempt).The total wait budget is 600ms either way (3 attempts × max 300ms), so the operational impact is negligible. The bug is purely in the doc-vs-code agreement, but it sets a wrong expectation for someone copying this loop into another file (or for someone reasoning about retry storm behavior under load).
For comparison,
Servy.Infrastructure/Data/DapperExecutor.cs:67/115correctly usesMath.Pow(2, i)for the same intent.Suggested fix:
Either fix the math to match the comment (
Thread.Sleep(100 * (1 << attempt))) or fix the comment to match the math (// Linear backoff: 100ms, 200ms, 300ms). The latter is the safer minimal change.