Skip to content

Security: Payout Precision & Accuracy Fix#2880

Closed
MichaelSovereign wants to merge 19 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/payout-precision
Closed

Security: Payout Precision & Accuracy Fix#2880
MichaelSovereign wants to merge 19 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/payout-precision

Conversation

@MichaelSovereign
Copy link
Copy Markdown
Contributor

@MichaelSovereign MichaelSovereign commented May 2, 2026

Summary

This PR fixes a potential floating-point precision vulnerability in the payout validation logic.

Changes

  1. Decimal Migration: Replaced with for all financial calculations and amount quantization. This ensures that small amounts (micro-RTC) are calculated with absolute accuracy, preventing rounding errors that could lead to failed transfers or incorrect fund amounts.
  2. Safe Parsing: Added helper to handle input sanitization using Decimal types.

Closes #7457

@MichaelSovereign
feat: implement RIP-309 Phase 1 Fingerprint Check Rotation
9005379
@MichaelSovereign
fix: address Codex review for RIP-309 Phase 1
1c1e41c
@MichaelSovereign
fix: complete RIP-309 integration with reward gating and signature fix
d4ad46b
@MichaelSovereign
fix: integrate canonical RIP-309 rotation module for reward weighting
4d2b086
@MichaelSovereign
fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…
d5c825d 
…ottcjn#2288)
@MichaelSovereign
Security: Hardened P2P sync with replay protection, nonces, and deter…
2080a24 
…ministic JSON
@MichaelSovereign
Security: Prevent mining reward type confusion in mempool and UTXO apply
464a08e
@MichaelSovereign
Security: Hardened Server Proxy with path whitelisting and header for…
ba859a7 
…warding
@MichaelSovereign
Security: Atomic balance checks and secure hash generation for Bridge…
a84314c 
… API
@MichaelSovereign
Security: Fix voting precision by migrating from REAL to INTEGER weights
ed6d1e9
@MichaelSovereign
Enhancement: Added environment variable support and API authenticatio…
2437488 
…n for auto-settler
@MichaelSovereign
Security: Implemented cryptographic authentication for bounty claims …
574c26b 
…and contract updates
@MichaelSovereign
Enhancement: Added address validation and security checks for x402 co…
2aef619 
…nfiguration
@MichaelSovereign
Security: Fixed potential SQL injection in passport listing
cc7b765
@MichaelSovereign
Security: Protected Hall of Rust from SQL injection and data vandalism
9e59f39
@MichaelSovereign
Security: Hardened LLM JSON extraction in Sophia Governor
1239068
@MichaelSovereign
Security: Switched to full SHA-256 for machine identity to prevent co…
92a73c9 
…llisions
@MichaelSovereign
Security: Added robustness to cache feature extraction to prevent cra…
4851646 
…shes on empty data
@MichaelSovereign
Security: Switched from float to Decimal for precise financial calcul…
29c6686 
…ations in payouts
@MichaelSovereign MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 05:18
@github-actions github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related tests Test suite changes size/L PR: 201-500 lines labels May 2, 2026
@Scottcjn Scottcjn closed this May 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Scottcjn Scottcjn Awaiting requested review from Scottcjn Scottcjn is a code owner

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related size/L PR: 201-500 lines tests Test suite changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@MichaelSovereign @Scottcjn