Security: BCOS Attestation Integrity Fix by MichaelSovereign · Pull Request #2882 · Scottcjn/Rustchain

MichaelSovereign · 2026-05-02T05:19:48Z

Summary

This PR addresses a critical security flaw in the BCOS attestation endpoint where the report content was not being verified against the provided cryptographic commitment during submission.

Changes

Mandatory Commitment Verification: Added a call to in the route. This ensures that the report body being stored on-chain actually hashes to the commitment that was signed by the reviewer.
Tamper Prevention: Prevents attackers from submitting a validly signed commitment while swapping the report content for malicious or fraudulent data.

Closes #7442

…ottcjn#2288)

…ministic JSON

…warding

… API

…n for auto-settler

…and contract updates

…nfiguration

…llisions

…shes on empty data

…ations in payouts

…in claims eligibility

… report tampering

MichaelSovereign added 21 commits April 12, 2026 16:30

feat: implement RIP-309 Phase 1 Fingerprint Check Rotation

9005379

fix: address Codex review for RIP-309 Phase 1

1c1e41c

fix: complete RIP-309 integration with reward gating and signature fix

d4ad46b

fix: integrate canonical RIP-309 rotation module for reward weighting

4d2b086

fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…

d5c825d

…ottcjn#2288)

Security: Hardened P2P sync with replay protection, nonces, and deter…

2080a24

…ministic JSON

Security: Prevent mining reward type confusion in mempool and UTXO apply

464a08e

Security: Hardened Server Proxy with path whitelisting and header for…

ba859a7

…warding

Security: Atomic balance checks and secure hash generation for Bridge…

a84314c

… API

Security: Fix voting precision by migrating from REAL to INTEGER weights

ed6d1e9

Enhancement: Added environment variable support and API authenticatio…

2437488

…n for auto-settler

Security: Implemented cryptographic authentication for bounty claims …

574c26b

…and contract updates

Enhancement: Added address validation and security checks for x402 co…

2aef619

…nfiguration

Security: Fixed potential SQL injection in passport listing

cc7b765

Security: Protected Hall of Rust from SQL injection and data vandalism

9e59f39

Security: Hardened LLM JSON extraction in Sophia Governor

1239068

Security: Switched to full SHA-256 for machine identity to prevent co…

92a73c9

…llisions

Security: Added robustness to cache feature extraction to prevent cra…

4851646

…shes on empty data

Security: Switched from float to Decimal for precise financial calcul…

29c6686

…ations in payouts

Security: Switched from print to logging and improved error handling …

ee06e4e

…in claims eligibility

Security: Enforced commitment matching in BCOS attestation to prevent…

dfbfa93

… report tampering

MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 05:19

github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) node Node server related tests Test suite changes size/XL PR: 500+ lines labels May 2, 2026

Scottcjn closed this May 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security: BCOS Attestation Integrity Fix#2882

Security: BCOS Attestation Integrity Fix#2882
MichaelSovereign wants to merge 21 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/bcos-commitment-validation

MichaelSovereign commented May 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Uh oh!

Conversation

MichaelSovereign commented May 2, 2026

Summary

Changes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants