
fix #1 #2 #111

Open

nickwest-zkp wants to merge 12 commits into bnb-chain:main from simplechain-org:develop/v1.0.1

Conversation

@nickwest-zkp

No description provided.


hashdit-bot Bot commented May 18, 2026

Pull Request Review

This PR primarily rebrands and migrates deployment tooling from BSC naming to SPC, updates chain/network configuration, and introduces a full Docker-based multi-server deployment workflow. It adds substantial new automation in Python (deploy_cluster.py, file_distributor.py, monitor_cluster.py), plus Docker assets and deployment config for validator/fullnode orchestration. It also updates validator registration flow to separate operator and consensus keys and adjusts shell scripts to support the new key layout and regen-genesis command.

Sensitive Content

Blockchain Address:

  • 0x04d63aBCd2b9b1baa327f2Dda0f873F197ccd186 (Ethereum-style address) in .env (INIT_HOLDER)
  • 0x04d63aBCd2b9b1baa327f2Dda0f873F197ccd186 (Ethereum-style address) in config.toml — MEV builder address
  • 0x0000000000000000000000000000000000002002 (Ethereum-style contract address) in create-validator/main.go — StakeHub contract target

Security Issues

🔴 [CRITICAL] Remote command injection via unquoted/interpolated shell variables in SSH exec paths

File: deploy_cluster.py, file_distributor.py, monitor_cluster.py
User/config-controlled values (e.g., server_name, paths from YAML) are interpolated directly into shell commands executed remotely (exec_command) without robust quoting/escaping. If a malicious or compromised config value is introduced, this can lead to arbitrary command execution on deployment targets.
Recommendation: Avoid shell string concatenation for remote execution. Use strict allowlists for identifiers (e.g., server names), escape with shlex.quote, and where possible execute fixed commands with validated arguments only. Treat deployment YAML as untrusted input.

🔴 [CRITICAL] SSH host key verification disabled (MITM risk during deployment)

File: deploy_cluster.py, file_distributor.py, monitor_cluster.py
The code sets paramiko.AutoAddPolicy() for unknown host keys, which blindly trusts first-seen keys and permits man-in-the-middle interception of SSH sessions, including transfer of keys/configs and remote command execution.
Recommendation: Enforce strict host key checking using RejectPolicy() and a managed known_hosts file. Pre-provision host keys and fail closed on mismatch.

🟠 [HIGH] Insecure node exposure with dangerous RPC flags

File: deploy_cluster.py, config.toml, spc_cluster.sh, spc_fullnode.sh
Nodes are started with --allow-insecure-unlock, --rpc.allow-unprotected-txs, open bind addresses (0.0.0.0), permissive CORS (*), and HTTP virtual hosts wildcard. This combination significantly raises risk of unauthorized transaction signing/account abuse if ports are reachable.
Recommendation: Disable insecure flags in non-local environments, bind RPC to localhost or private network only, restrict CORS/hosts, and place authenticated reverse proxy/firewall controls in front of RPC endpoints.


Generated by Hashdit Bot. This tool can absolutely NOT replace manual audits.
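The three findings above all come down to how the deployment scripts build remote commands, how they trust SSH hosts, and which flags they hand to the node binary. The block below is an added example of the hardened shape the review recommends; it is not code from this PR or from the bnb-chain/simplechain repositories. It assumes the scripts use paramiko (as the review states) and that the node accepts the standard geth flags the review names (`--http.addr`, `--http.corsdomain`, `--http.vhosts`, `--allow-insecure-unlock`, `--rpc.allow-unprotected-txs`); the server-name pattern, the `/srv/<name>` layout, the known_hosts location and the sample argv lists are constructed for illustration. `paramiko` is imported lazily so the quoting and flag-audit helpers run without it.

```python
"""Hardening helpers for a paramiko-based cluster deployment script (added example,
not the PR's code). Demonstrates: (1) allowlisting config identifiers and quoting
every argument before exec_command, (2) fail-closed SSH host key checking with a
managed known_hosts file, (3) a preflight audit of node CLI flags."""
import re
import shlex
from pathlib import Path

# --- (1) Treat deployment YAML as untrusted input ------------------------------
# Server names may only look like hostnames; anything else is rejected outright.
# (Pattern is an assumption for this example, not taken from the PR.)
_SERVER_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.-]{0,62}$")


def is_valid_server_name(name: str) -> bool:
    return bool(_SERVER_NAME.fullmatch(name))


def validate_server_name(name: str) -> str:
    if not is_valid_server_name(name):
        raise ValueError(f"refusing server name from config: {name!r}")
    return name


def unsafe_tail_command(log_path: str) -> str:
    """The pattern the review flags: config value interpolated straight into a shell line.
    A value such as '/var/log/x; rm -rf /' becomes a second command on the remote host."""
    return f"tail -n 50 {log_path}"


def build_remote_command(argv: list[str]) -> str:
    """Join an argv list into one shell line with every element shell-quoted,
    so metacharacters inside a config value stay inside a single argument."""
    return " ".join(shlex.quote(arg) for arg in argv)


def tail_log_command(server_name: str, log_path: str, lines: int = 50) -> str:
    """Fixed command, validated identifier, quoted path (hypothetical /srv layout)."""
    validate_server_name(server_name)
    if lines <= 0:
        raise ValueError("lines must be positive")
    return build_remote_command(["tail", "-n", str(lines), f"/srv/{server_name}/{log_path}"])


# --- (2) Fail closed on unknown or changed host keys ---------------------------
def make_ssh_client(known_hosts: Path):
    """Return an SSHClient that only talks to hosts whose key is pre-provisioned.
    Unknown hosts raise paramiko.SSHException; a changed key raises
    paramiko.BadHostKeyException on connect(). No AutoAddPolicy anywhere."""
    import paramiko  # lazy import so the rest of this module works without paramiko

    client = paramiko.SSHClient()
    client.load_host_keys(str(known_hosts))          # known_hosts shipped with the tooling
    client.set_missing_host_key_policy(paramiko.RejectPolicy())
    return client                                    # caller: client.connect(host, username=..., key_filename=...)


# --- (3) Preflight audit of node flags before the process is started ----------
# Flags that must never be set on a network-reachable node.
INSECURE_FLAGS = {"--allow-insecure-unlock", "--rpc.allow-unprotected-txs"}
# Flags whose listed values expose the RPC surface to everyone.
WILDCARD_VALUES = {
    "--http.addr": {"0.0.0.0", "::"},
    "--ws.addr": {"0.0.0.0", "::"},
    "--http.corsdomain": {"*"},
    "--http.vhosts": {"*"},
    "--ws.origins": {"*"},
}


def audit_node_args(argv: list[str]) -> list[str]:
    """Return one finding per dangerous flag; handles both '--flag value' and '--flag=value'."""
    findings, i = [], 0
    while i < len(argv):
        arg = argv[i]
        if arg in INSECURE_FLAGS:
            findings.append(f"{arg}: must not be enabled outside a local sandbox")
            i += 1
            continue
        if "=" in arg:
            flag, value = arg.split("=", 1)
            i += 1
        elif i + 1 < len(argv) and not argv[i + 1].startswith("-"):
            flag, value = arg, argv[i + 1]
            i += 2
        else:
            flag, value = arg, ""
            i += 1
        if flag in WILDCARD_VALUES and value in WILDCARD_VALUES[flag]:
            findings.append(f"{flag}={value}: binds or exposes RPC to any origin/address")
    return findings


# Constructed sample invocations (not taken from the PR's scripts).
INSECURE_ARGS = ["geth", "--http", "--http.addr", "0.0.0.0", "--http.corsdomain", "*",
                 "--http.vhosts=*", "--allow-insecure-unlock", "--rpc.allow-unprotected-txs"]
HARDENED_ARGS = ["geth", "--http", "--http.addr", "127.0.0.1",
                 "--http.corsdomain", "https://ops.example.internal", "--http.vhosts=localhost"]

if __name__ == "__main__":
    print(unsafe_tail_command("/var/log/x; rm -rf /"))
    print(tail_log_command("validator-01", "geth.log"))
    for finding in audit_node_args(INSECURE_ARGS):
        print("INSECURE:", finding)
    print("hardened findings:", audit_node_args(HARDENED_ARGS))
```

Running `audit_node_args` against the assembled argv before `exec_command` turns the review's third finding into a hard deployment failure rather than something noticed after the port is already reachable; `tail_log_command` shows the shape every remote command in `deploy_cluster.py`, `file_distributor.py` and `monitor_cluster.py` would take under the first recommendation.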
