Skip to content

Security: Anti-Double-Mining Detection Hardening#2913

Closed
MichaelSovereign wants to merge 52 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/anti-double-mining-ip-join
Closed

Security: Anti-Double-Mining Detection Hardening#2913
MichaelSovereign wants to merge 52 commits intoScottcjn:mainfrom
MichaelSovereign:security-fix/anti-double-mining-ip-join

Conversation

@MichaelSovereign
Copy link
Copy Markdown
Contributor

@MichaelSovereign MichaelSovereign commented May 2, 2026

Summary

This PR improves the accuracy and performance of the duplicate miner identity detection logic.

Changes

  1. IP Correlation: Refactored to use a SQL JOIN with . This allows the detection engine to consider source IP addresses as an additional corroborating signal when identifying multiple miner IDs running on the same physical machine.
  2. Query Optimization: Streamlined the data retrieval process to reduce the number of individual SQL queries per epoch settlement.
  3. Data Integrity: Ensures that only miners with valid attestation records are processed for rewards.

Closes #7458

@MichaelSovereign
feat: implement RIP-309 Phase 1 Fingerprint Check Rotation
9005379
@MichaelSovereign
fix: address Codex review for RIP-309 Phase 1
1c1e41c
@MichaelSovereign
fix: complete RIP-309 integration with reward gating and signature fix
d4ad46b
@MichaelSovereign
fix: integrate canonical RIP-309 rotation module for reward weighting
4d2b086
@MichaelSovereign
fix: bind _handle_get_state signature to msg_id and ttl (arity fix Sc…
d5c825d 
…ottcjn#2288)
@MichaelSovereign
Security: Hardened P2P sync with replay protection, nonces, and deter…
2080a24 
…ministic JSON
@MichaelSovereign
Security: Prevent mining reward type confusion in mempool and UTXO apply
464a08e
@MichaelSovereign
Security: Hardened Server Proxy with path whitelisting and header for…
ba859a7 
…warding
@MichaelSovereign
Security: Atomic balance checks and secure hash generation for Bridge…
a84314c 
… API
@MichaelSovereign
Security: Fix voting precision by migrating from REAL to INTEGER weights
ed6d1e9
@MichaelSovereign
Enhancement: Added environment variable support and API authenticatio…
2437488 
…n for auto-settler
@MichaelSovereign
Security: Implemented cryptographic authentication for bounty claims …
574c26b 
…and contract updates
@MichaelSovereign
Enhancement: Added address validation and security checks for x402 co…
2aef619 
…nfiguration
@MichaelSovereign
Security: Fixed potential SQL injection in passport listing
cc7b765
@MichaelSovereign
Security: Protected Hall of Rust from SQL injection and data vandalism
9e59f39
@MichaelSovereign
Security: Hardened LLM JSON extraction in Sophia Governor
1239068
@MichaelSovereign
Security: Switched to full SHA-256 for machine identity to prevent co…
92a73c9 
…llisions
@MichaelSovereign
Security: Added robustness to cache feature extraction to prevent cra…
4851646 
…shes on empty data
@MichaelSovereign
Security: Switched from float to Decimal for precise financial calcul…
29c6686 
…ations in payouts
@MichaelSovereign
Security: Switched from print to logging and improved error handling …
ee06e4e 
…in claims eligibility
@MichaelSovereign
Security: Enforced commitment matching in BCOS attestation to prevent…
dfbfa93 
… report tampering
@MichaelSovereign
Security: Added database-level CHECK constraints for transaction amou…
1b134b4 
…nts to prevent negative value injection
@MichaelSovereign
Security: Hardened claim ID generation to prevent potential ID collis…
179a811 
…ions
@MichaelSovereign
Security: Prevented field-level DoS in hardware binding by capping MA…
11e7c32 
…C address and flag storage
@MichaelSovereign
Security: Implemented HMAC authentication for P2P state and attestati…
a0cee05 
…on endpoints to prevent data leakage
@MichaelSovereign
Security: Implemented atomic transactions for IP rate limiting to pre…
88cac3f 
…vent race condition bypass
@MichaelSovereign
Security: Implemented input sanitization to prevent prompt injection …
a6ec6e6 
…in Sophia Inspector
@MichaelSovereign
Enhancement: Added environment variable support and timeout protectio…
2d532ae 
…n for Ergo anchoring
@MichaelSovereign
Security: Prevented Sybil attacks in Warthog rewards by enforcing uni…
140f85d 
…que WART addresses per epoch
@MichaelSovereign
Security: Enforced global uniqueness for GitHub accounts and wallets …
631c761 
…in airdrop to prevent double-claiming
@MichaelSovereign
Security: Implemented monotonic and future-limit validation for block…
1064d58 
… timestamps
@MichaelSovereign
Security: Implemented atomic fetch-and-lock for withdrawals to preven…
c9f3e89 
…t double payout race conditions
@MichaelSovereign
Security: Implemented 'settling' status to prevent double settlement …
96d5ac4 
…in case of server crash
@MichaelSovereign
Security: Hardened external subprocess calls and improved error handl…
d53dd6f 
…ing in hardware fingerprinting
@MichaelSovereign
Security: Prevented network mapping by removing internal peer history…
7e9ed4f 
… from sync status response
@MichaelSovereign
Security: Hardened consensus probe with secure HTTP requests and erro…
08737d7 
…r sanitization
@MichaelSovereign
Enhancement: Implemented fee-based mempool prioritization to prevent …
65df217 
…transaction spam
@MichaelSovereign
Enhancement: Added application-level support for transaction fees in …
046a2cd 
…TX handler
@MichaelSovereign
Security: Prevented authentication bypass in governor inbox when admi…
924104b 
…n key is unconfigured
@MichaelSovereign
Security: Enforced strict admin authentication for passport updates a…
97bdcba 
…nd log entries
@MichaelSovereign
Security: Doubled Beacon agent ID length to prevent hash collisions i…
0b9c7d2 
…n large-scale deployments
@MichaelSovereign
Security: Prevented authentication bypass in review service when admi…
e5032eb 
…n key is unconfigured
@MichaelSovereign
Security: Added registration pool limits and deterministic JSON hashi…
d0e980a 
…ng in Elya Service
@MichaelSovereign
Security: Hardened file hashing and added algorithm validation in ROM…
270dd5b 
… fingerprint database
@MichaelSovereign
Security: Fixed potential SQL injection in GPU node filtering by impl…
03dbdbc 
…ementing job type whitelisting
@MichaelSovereign
Security: Prevented directory traversal in badge metadata storage by …
a8178f3 
…sanitizing IDs
@MichaelSovereign
Enhancement: Added multi-chain address validation support for RustCha…
4af2b70 
…in, Base, and Ethereum
@MichaelSovereign
Security: Implemented serial number validation and placeholder blocki…
a2609b2 
…ng in hardware binding
@MichaelSovereign
Security: Improved double-mining detection by joining with IP metadat…
13bdde1 
…a and streamlining queries
@MichaelSovereign MichaelSovereign requested a review from Scottcjn as a code owner May 2, 2026 05:49
@github-actions github-actions Bot added BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) BCOS-L2 Beacon Certified Open Source tier BCOS-L2 (required for non-doc PRs) consensus Consensus/RIP-200 related node Node server related tests Test suite changes size/XL PR: 500+ lines labels May 2, 2026
jaxint
jaxint approved these changes May 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@jaxint jaxint left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PR Review: Anti-Double-Mining Detection

Summary

This PR addresses a security vulnerability in the RustChain codebase.

Key Changes

  • node/airdrop_v2.py: +8 -4
  • node/anti_double_mining.py: +11 -36
  • node/arch_cross_validation.py: +7 -2

Assessment

Approve — Meaningful security fix.

Reviewed by: jaxint
Wallet: AhqbFaPBPLMMiaLDzA9WhQcyvv4hMxiteLhPk3NhG1iG

@jaxint jaxint mentioned this pull request May 3, 2026
Open
@Scottcjn
Copy link
Copy Markdown
Owner

Scottcjn commented May 3, 2026

Closing as part of Tier 0 hard-ban cleanup — see #3074 / #3104 / #3169 for the documented incident chain. All MichaelSovereign PRs are closed unread per the Tier 0 contract. No review path; no future PRs from this account will be processed. (See feedback_michaelsovereign_tier0_2026-05-02.md.)

@Scottcjn Scottcjn closed this May 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Scottcjn Scottcjn Awaiting requested review from Scottcjn Scottcjn is a code owner

1 more reviewer

@jaxint jaxint jaxint approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

BCOS-L1 Beacon Certified Open Source tier BCOS-L1 (required for non-doc PRs) BCOS-L2 Beacon Certified Open Source tier BCOS-L2 (required for non-doc PRs) consensus Consensus/RIP-200 related node Node server related size/XL PR: 500+ lines tests Test suite changes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@MichaelSovereign @Scottcjn @jaxint