fix: RIP-201 Bucket Normalization Spoofing — Bounty #554 #1957
Closes: Scottcjn/rustchain-bounties#554

Problem (liu971227-sys / Rustchain#551): classify_miner_bucket() trusted raw client-reported device_arch with no cross-validation. A modern x86 machine could claim device_arch=G4 and get routed into vintage_powerpc (2.5× multiplier) instead of modern (1.0×).

Changes to fleet_immune_system.py:

1. Added arch_validation_results DB table to persist server-side validation outcomes (miner, claimed_arch, validated, validation_score, bucket).
2. Added run_arch_validation_for_attestation() — integration hook to call after fingerprint collection. Uses arch_cross_validation.validate_arch_consistency() and stores result in DB. Score < 0.70 → 'modern' bucket.
3. Added store_arch_validation_result() and get_validated_bucket() helpers.
4. Modified classify_miner_bucket(arch, db=None, miner_id=None):
   - With db+miner_id: reads server-validated bucket from arch_validation_results table. No DB record or failed validation → 'modern' (safe default).
   - Without db/miner_id: legacy raw-arch lookup (backwards compatible).
5. Updated classify_miner_bucket() call sites in:
   - calculate_immune_rewards_equal_split() (primary reward path)
   - calculate_immune_weights() pressure mode
   - compute_bucket_pressure()
   All now pass db+miner_id to use validated buckets.

New file tests/test_bucket_spoof_fix.py (6 tests, all passing):

1. Intel Xeon + G4 claim → rejected, lands in 'modern' bucket
2. Real G4 fingerprint + G4 claim → accepted, vintage_powerpc bucket
3. Modern x86 faking AltiVec (has_sse=True) → rejected
4. Unvalidated miner (no record) → defaults to 'modern' (no bonus)
5. Legacy classify_miner_bucket(arch) still works unchanged
6. store/retrieve validation result round-trip

GitHub: @B1tor
RTC Wallet: RTC2fe3c33c77666ff76a1cd0999fd4466ee81250ff
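The validated-bucket lookup this description outlines, sketched as an added example; it is not the PR's code. The table columns, function names, the 0.70 threshold and the G4 → vintage_powerpc mapping come from the description; the helper signatures, the one-entry legacy map and the scores in demo() are assumptions, and the fingerprint scoring itself (validate_arch_consistency()) is not reproduced.

```python
import sqlite3

VALIDATION_THRESHOLD = 0.70  # from the PR text: score < 0.70 -> 'modern'
# Assumed, minimal raw-arch map; the project's real table is not on this page.
LEGACY_BUCKETS = {"g4": "vintage_powerpc"}

def init_db(db):
    # PRIMARY KEY on miner: one current validation outcome per miner.
    db.execute("""CREATE TABLE IF NOT EXISTS arch_validation_results (
        miner TEXT PRIMARY KEY, claimed_arch TEXT, validated INTEGER,
        validation_score REAL, bucket TEXT)""")

def store_arch_validation_result(db, miner, claimed_arch, score):
    # The server decides the bucket; a failed validation is stored as 'modern'.
    validated = score >= VALIDATION_THRESHOLD
    bucket = "modern"
    if validated:
        bucket = LEGACY_BUCKETS.get(claimed_arch.lower(), "modern")
    db.execute(
        "INSERT OR REPLACE INTO arch_validation_results VALUES (?,?,?,?,?)",
        (miner, claimed_arch, int(validated), score, bucket))
    return bucket

def get_validated_bucket(db, miner):
    row = db.execute(
        "SELECT validated, bucket FROM arch_validation_results WHERE miner=?",
        (miner,)).fetchone()
    # Fail closed: no record or a failed validation earns no multiplier.
    if row is None or not row[0]:
        return "modern"
    return row[1]

def classify_miner_bucket(arch, db=None, miner_id=None):
    if db is not None and miner_id is not None:
        # Validated path: the client-supplied arch string is ignored here.
        return get_validated_bucket(db, miner_id)
    # Legacy path: trusts the raw claim, kept only for backwards compatibility.
    return LEGACY_BUCKETS.get(arch.lower(), "modern")

def demo():
    db = sqlite3.connect(":memory:")
    init_db(db)
    # Constructed scores standing in for the cross-validation output.
    store_arch_validation_result(db, "xeon-miner", "G4", 0.15)
    store_arch_validation_result(db, "real-g4", "G4", 0.93)
    miners = ("xeon-miner", "real-g4", "never-validated")
    return {m: classify_miner_bucket("G4", db, m) for m in miners}

if __name__ == "__main__":
    print(demo())
```

Any call site that still omits db and miner_id takes the legacy branch and trusts the claimed arch, which is why the description lists every reward-path caller as updated.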
Welcome to RustChain! Thanks for your first pull request. Before we review, please make sure:
Bounty tiers: Micro (1-10 RTC) | Standard (20-50) | Major (75-100) | Critical (100-150)
A maintainer will review your PR soon. Thanks for contributing!
Payment confirmed — LaphoqueRC was paid via on-chain RTC transfer as part of a batch settlement. Total paid to date: 2,155 RTC across all contributions. Thank you for the work.
FlintLeng left a comment
PR #1957 — Review:
Adds arch_validation_results table with miner, claimed_arch, validated, and validation_score columns. The cross-validation score (0.0-1.0) provides quantitative confidence in architecture attestation claims. Good schema design — PRIMARY KEY on miner prevents duplicate entries. ✅
Bucket Normalization Spoofing Fix — Bounty #554
Summary
Fixes Unicode homoglyph and case-sensitivity bypasses in RIP-201 fleet detection bucket normalization.
Changes
fleet_immune_system.py — normalized bucket keys via NFKC + casefold
Closes #554
RTC Wallet: RTC2fe3c33c77666ff76a1cd0999fd4466ee81250ff