Security: btc-vision/opnet-node

SECURITY.MD

Security Policy

Audited by Verichains

Audit Status

Component | Status | Auditor
opnet-node | Final Review | Verichains

Supported Versions

Version | Status
1.x.x-alpha | Supported
< 1.0.0-alpha | Not supported

Reporting a Vulnerability

DO NOT open a public GitHub issue for security vulnerabilities.

Report vulnerabilities through GitHub Security Advisories.

Include:

  • Description of the vulnerability
  • Affected version(s)
  • Steps to reproduce
  • Potential impact
  • Suggested fix (if any)

Response Timeline

Action | Timeframe
Initial response | 48 hours
Vulnerability assessment | 7 days
Patch development | 14-30 days
Public disclosure | After patch

Security Scope

In Scope

Consensus Layer

  • Proof of Calculation (PoC) verification
  • Proof of Work (PoW) validation
  • Epoch state transitions
  • Deterministic ordering and execution
  • State checkpointing and Merkle roots

Execution Environment

  • WebAssembly (WASM) VM sandboxing
  • Smart contract execution isolation
  • Memory safety and resource limits
  • Deterministic execution guarantees

Networking

  • P2P protocol (libp2p)
  • RPC authentication and authorization
  • API input validation
  • Rate limiting and DoS protection

Cryptography

  • Signature verification (Schnorr, ML-DSA)
  • Hash functions (SHA256, SHA1 for PoW)
  • Key derivation and management
  • Address validation

Data Integrity

  • Database transaction atomicity
  • State consistency across restarts
  • Reorg handling

Out of Scope

  • Third-party dependencies (report to respective maintainers)
  • User configuration errors
  • Issues in development/test environments only
  • Bitcoin Core vulnerabilities (report to Bitcoin Core)
  • MongoDB vulnerabilities (report to MongoDB)

Security Best Practices for Node Operators

  1. Network Security

    • Run the node behind a firewall
    • Use TLS for RPC connections
    • Restrict RPC access to trusted IPs
  2. System Security

    • Keep the operating system updated
    • Use a dedicated user for running the node
    • Enable disk encryption for state data
  3. Operational Security

    • Regularly backup the node state
    • Monitor logs for anomalies
    • Keep the node software updated

Contact
