The cleanupESCAnchors function receives a list of entries to be deleted, which gets served as a sequence of consecutive delete operations; processed entries are nevertheless removed to the list when they get added to a DeleteCommandRequest - and not when the command gets successfully completed.

This may cause delete entries to be missed when cleanupESCAnchors is executed within the router loop of CleanupStructuredEncryptionDataCoordinator in case of StaleConfig/Db errors: in such a situation, the error is raised when performing the removal and the function gets called again without recalculating the list of pending delete operations.