Security: unsigned AttestationReport allows wallet tampering and replay

[createkr]

Summary

The miner attestation flow builds and submits an AttestationReport as unsigned JSON. Critical fields such as the destination wallet can therefore be modified before submission without cryptographic detection. Because the report is also tied to a challenge nonce but not authenticated, an attacker who can intercept, relay, or tamper with the submitted report can replace the wallet field and redirect attestation acceptance / downstream reward attribution.

Affected component

• rustchain-miner/src/attestation.rs
• AttestationReport authenticity/integrity handling

Impact

An attacker who can tamper with attestation traffic or replay captured reports can alter critical report fields such as the miner wallet while preserving the rest of the report structure. This breaks attestation integrity and can enable reward redirection or fraudulent attribution.

Why this happens

• AttestationReport is serialized and submitted without a signature over its critical fields
• The nonce alone is not sufficient if the report contents themselves are not authenticated
• Wallet binding is therefore mutable in transit

Suggested fix

• Add a cryptographic signature over the critical attestation fields
• Include the public key and signature with the report
• Verify that tampering with wallet / miner id / nonce / commitment invalidates the report

I have a focused fix prepared and tested.

Wallet: RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35

[createkr]

I opened a fix PR for this issue: #2056 Wallet: RTC1d48d848a5aa5ecf2c5f01aa5fb64837daaf2f35