Skip to content

Concurrent team creation can generate duplicate slugs and cause team namespace collisions #499

Open
Open
Concurrent team creation can generate duplicate slugs and cause team namespace collisions#499
@Ridanshi

Description

@Ridanshi
Ridanshi
opened on Jun 6, 2026

Summary

Team slug generation relies on availability checks performed separately from persistence.

Under concurrent team creation requests, multiple operations can generate identical slugs.

Affected Files

  • teamService.ts
  • slug.ts

Root Cause

The slug allocation flow performs uniqueness validation before record creation.

Concurrent requests can observe the same available slug and attempt insertion simultaneously.

The workflow lacks transactional slug allocation guarantees.

Reproduction

  1. Create multiple teams with identical or similar names simultaneously.
  2. Observe slug generation.
  3. Inspect resulting team records.
  4. Observe duplicate slug attempts or creation failures.

Expected Behavior

Slug allocation should remain unique under concurrent creation.

Actual Behavior

Concurrent requests can collide on slug generation.

Why This Is Difficult To Detect

Sequential creation behaves correctly.

The issue only appears under concurrency.

Production Impact

  • Team creation failures
  • Namespace collisions
  • Inconsistent URLs
  • User confusion

Suggested Fix

Introduce atomic slug allocation or retry generation on collision.

Severity

Medium-High

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    DevCard
    Status
    Todo

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions