Skip to content

fix(C5): replace hardcoded infrastructure IP with localhost + env var#2822

Merged
Scottcjn merged 1 commit intoScottcjn:mainfrom
BossChaos:fix/C5-hardcoded-ip-config
May 1, 2026
Merged

fix(C5): replace hardcoded infrastructure IP with localhost + env var#2822
Scottcjn merged 1 commit intoScottcjn:mainfrom
BossChaos:fix/C5-hardcoded-ip-config

Conversation

@BossChaos
Copy link
Copy Markdown
Contributor

@BossChaos BossChaos commented May 1, 2026

Fix: C5 — Replace hardcoded infrastructure IP with localhost + env var

Finding: [CRITICAL] Hardcoded Infrastructure IP in Default Config
File: cross-chain-airdrop/src/config.rs (lines 74-76)
Reference: #2867

What was changed

  • Replace hardcoded "https://50.28.86.131" with std::env::var("RUSTCHAIN_NODE_URL")
  • Fallback to "http://localhost:8332" (no production IP exposure)

Why

The default node_url was hardcoded to a live IP address, exposing RustChain's production infrastructure to anyone reading the open-source code.

Verification

# Confirm no hardcoded production IP remains
grep -rn "50.28.86.131" cross-chain-airdrop/
# (should return nothing)

Claim: 50-100 RTC (Critical fix bounty)
Wallet: RTC6d1f27d28961279f1034d9561c2403697eb55602

@github-actions github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) size/XS PR: 1-10 lines labels May 1, 2026
@BossChaos BossChaos mentioned this pull request May 1, 2026
Closed
@Scottcjn
Copy link
Copy Markdown
Owner

Scottcjn commented May 1, 2026

@BossChaos — clean 1-line config improvement. Default IP 50.28.86.131 → localhost + env var override. Better for local-dev + reproducible deploys.

Payout: 5 RTC (config quality). Wallet queued. Merging.

@Scottcjn Scottcjn merged commit f7f7081 into Scottcjn:main May 1, 2026
11 of 12 checks passed
@BossChaos BossChaos mentioned this pull request May 4, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) size/XS PR: 1-10 lines

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BossChaos @Scottcjn