Skip to content

Security: Anti-Double-Mining Hash Integrity#2878

Closed
MichaelSovereign wants to merge 17 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/anti-double-mining-hash
Closed

Security: Anti-Double-Mining Hash Integrity#2878
MichaelSovereign wants to merge 17 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/anti-double-mining-hash

Conversation

@MichaelSovereign
Copy link
Copy Markdown
Contributor

@MichaelSovereign MichaelSovereign commented May 2, 2026

Summary

This PR improves the machine identity hashing mechanism in the module to prevent potential identity collisions.

Changes

  1. Full Hash Utilization: Replaced the 16-character truncated SHA-256 hash with the full 64-character hex string. This significantly reduces the probability of identity collisions where two distinct physical machines might be incorrectly identified as the same machine, leading to denial of rewards.
  2. Identity Robustness: Ensures that the machine identity is globally unique and cryptographically sound.

Closes #7458

@MichaelSovereign
feat: implement RIP-309 Phase 1 Fingerprint Check Rotation
9005379
@MichaelSovereign
fix: address Codex review for RIP-309 Phase 1
1c1e41c
@MichaelSovereign
fix: complete RIP-309 integration with reward gating and signature fix
d4ad46b
@MichaelSovereign
fix: integrate canonical RIP-309 rotation module for reward weighting
4d2b086
@MichaelSovereign
fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…
d5c825d 
…ottcjn#2288)
@MichaelSovereign
Security: Hardened P2P sync with replay protection, nonces, and deter…
2080a24 
…ministic JSON
@MichaelSovereign
Security: Prevent mining reward type confusion in mempool and UTXO apply
464a08e
@MichaelSovereign
Security: Hardened Server Proxy with path whitelisting and header for…
ba859a7 
…warding
@MichaelSovereign
Security: Atomic balance checks and secure hash generation for Bridge…
a84314c 
… API
@MichaelSovereign
Security: Fix voting precision by migrating from REAL to INTEGER weights
ed6d1e9
@MichaelSovereign
Enhancement: Added environment variable support and API authenticatio…
2437488 
…n for auto-settler
@MichaelSovereign
Security: Implemented cryptographic authentication for bounty claims …
574c26b 
…and contract updates
@MichaelSovereign
Enhancement: Added address validation and security checks for x402 co…
2aef619 
…nfiguration
@MichaelSovereign
Security: Fixed potential SQL injection in passport listing
cc7b765
@MichaelSovereign
Security: Protected Hall of Rust from SQL injection and data vandalism
9e59f39
@MichaelSovereign
Security: Hardened LLM JSON extraction in Sophia Governor
1239068
@MichaelSovereign
Security: Switched to full SHA-256 for machine identity to prevent co…
92a73c9 
…llisions
@MichaelSovereign MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 05:17
@github-actions github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related tests Test suite changes size/L PR: 201-500 lines labels May 2, 2026
@Scottcjn Scottcjn closed this May 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Scottcjn Scottcjn Awaiting requested review from Scottcjn Scottcjn is a code owner

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related size/L PR: 201-500 lines tests Test suite changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MichaelSovereign @Scottcjn