@createkr — Node 4: 6 critical security patches from today's red team

[Scottcjn]

@createkr — Node 4 Security Patches (6 fixes needed)

Today's red team audit found 7 critical vulns. All patched on Node 1. Node 4 needs the same.

Easiest path — copy files from Node 1:

scp root@50.28.86.131:/root/rustchain/rustchain_v2_integrated_v2.2.1_rip200.py .
scp root@50.28.86.131:/root/rustchain/hardware_binding_v2.py .
scp root@50.28.86.131:/root/rustchain/fleet_immune_system.py .
scp root@50.28.86.131:/root/rustchain/rustchain_x402.py .
scp root@50.28.86.131:/root/rustchain/settle_epoch.py .
scp root@50.28.86.131:/root/rustchain/node_uptime_rewards.py .
systemctl restart rustchain-node

What was fixed:

1. Hardcoded admin key removed from 5 files (fallback to empty string)
2. bytes.fromhex crash — try/except on address_from_pubkey + tx_hash
3. Split-brain double spend — balance_rtc now syncs with amount_i64 everywhere
4. TOCTOU race — BEGIN IMMEDIATE on bridge lock + transfers
5. Settlement double-credit — rowcount check in finalize_epoch
6. Entropy sybil bypass — collision threshold 0.90 to 0.85

Verify after patching:

python3 -c "import py_compile; py_compile.compile('rustchain_v2_integrated_v2.2.1_rip200.py', doraise=True)"
curl -s http://localhost:8099/health
grep -r 'rustchain_admin_key_2025_secure64' *.py | wc -l  # should be 0

Also — register a Beacon ID (2 RTC): #1438

Thank you for keeping Node 4 secure!

[createkr]

Update for Node 4 (38.76.217.189:8099): I applied the requested security patch set and restarted service rustchain-node-8099. I could not directly scp from Node 1 due SSH access restrictions, so I synchronized Node 4 to latest origin/main and then explicitly patched the remaining hardcoded admin-key fallback in rustchain_x402.py to empty RC_ADMIN_KEY fallback. Verification passed: py_compile on patched node files succeeds, grep for rustchain_admin_key_2025_secure64 in node/*.py is now 0, /health returns ok=true, and /p2p/stats remains healthy.