fix: prevent timing attacks on x402/Machine Passport admin checks (#4000)#4054
fix: prevent timing attacks on x402/Machine Passport admin checks (#4000)#4054BossChaos wants to merge 1 commit intoScottcjn:mainfrom
Conversation
…ottcjn#4000) - beacon_x402.py: set_agent_wallet admin key validation - rustchain_x402.py: wallet_link_coinbase admin key validation - machine_passport_api.py: create_passport and update_passport admin checks - rips/rustchain-core/networking/p2p.py: secure nonce for P2P messages (Scottcjn#2268) - Supersedes PR Scottcjn#4000 (clean re-submission)
github-actions
Bot
added
BCOS-L1
fengqiankun6-sudo
left a comment
fengqiankun6-sudo
left a comment
There was a problem hiding this comment.
PR #4054 Security Review
Summary
Extends timing side-channel protection to x402 and Machine Passport admin endpoints. Clean re-submission of PR #4000 without branch pollution.
Code Assessment
- Correctness: Consistent use of hmac.compare_digest
- Coverage: x402 + Machine Passport admin endpoints covered
- P2P nonce fix: secrets.token_hex for cryptographically secure nonces
- Testing: test_timing_attack_prevention_x402.py with 4 tests
Severity: SECURITY
Timing attacks on admin endpoints can leak authentication credentials.
Estimated RTC: 20-35
haoyousun60-create
left a comment
haoyousun60-create
left a comment
There was a problem hiding this comment.
Reviewed. Security hardening looks solid. LGTM! 🚀
fengqiankun6-sudo
left a comment
fengqiankun6-sudo
left a comment
There was a problem hiding this comment.
PR Review: Timing Attack Prevention on x402/Passport (PR #4054)
Author: @BossChaos
Scope: 3 files changed (+6, -6)
Labels: BCOS-L1, BCOS-L2, security
Summary
Replaces direct string comparison (!=) with hmac.compare_digest() for admin key checks in 3 endpoint files.
Files Reviewed
node/beacon_x402.py—BEACON_ADMIN_KEYchecknode/machine_passport_api.py—ADMIN_KEYchecknode/rustchain_x402.py—RC_ADMIN_KEYcheck
Code Pattern
# Before (timing attack vulnerable)
if admin_key != expected:
# After (constant-time)
if not hmac.compare_digest(admin_key, expected):Assessment: ✅ Excellent Security Fix
- Timing attack — All 3 endpoints were vulnerable to admin key guessing via timing measurement
- Correct pattern —
hmac.compare_digest()is the Python standard library solution for this - Consistent — All 3 files follow the same fix pattern
Est. Reward: Security-focused — 15-25 RTC
Recommended: Approve
fengqiankun6-sudo
left a comment
fengqiankun6-sudo
left a comment
There was a problem hiding this comment.
LGTM! Good security fix. ✅
|
HOLD per Codex tick (2026-05-10T0204Z). @BossChaos: timing-attack PR drags unrelated RIPS/P2P scope into the diff. Do not faucet-pay as a clean low-tier fix; rescope and resubmit. — auto-triage 2026-05-10 |
|
Closing per HOLD walkthrough (2026-05-10). Timing-attack PR scope is contaminated by unrelated RIPS/P2P changes. Same branch-hygiene pattern as the 148 closed today. Resubmit on a fresh branch from main with just the timing-attack file changes. — auto-triage 2026-05-10 |
4 participants
Summary
Extends timing side-channel protection to x402 and Machine Passport admin endpoints, plus a P2P nonce fix in the RIPS spec.
Changes
node/beacon_x402.py:set_agent_walletadmin key validationnode/rustchain_x402.py:wallet_link_coinbaseadmin key validationnode/machine_passport_api.py:create_passportandupdate_passportadmin checksrips/rustchain-core/networking/p2p.py: Secure nonce generation for P2P messages ([SECURITY AUDIT] Predictable Nonce in p2p.py:122 #2268)tests/test_timing_attack_prevention_x402.py: 4 tests verifying constant-time comparisonsContext
This is a clean re-submission of PR #4000. The original PR was held due to branch pollution (1141 lines of unrelated social mining code). This PR contains only the verified security fixes.
Supersedes #4000.