Open FabijanC opened 4 weeks ago
I suggest the flag to be --disable-devnet-endpoints
or --restrictive
minting have to be forbidden for CTF solvers
I suggest the flag to be
--disable-devnet-endpoints
or--restrictive
Makes sense. Once we migrate to having only JSON-RPC API, implementing this would be as simple as blocking devnet_
methods. Unless there are some that would be useful (devnet_getConfig
? devnet_getAccountBalance
?)
Or maybe a cli argument that can accept a string of comma separated methods. It will override the default ones (declared in code).
When Devnet is used e.g. as-a-service or in CTF competitions, it would be good to prevent it from being loadable or restartable via endpoints (if somebody thinks of other misuses, please mention them in this issue). Instead of having one flag to turn off each of these individual functionalities, I would introduce one that blocks them all, e.g.:
This flag would also incorporate the
--disable-account-impersonation
flag (perhaps one is enough?)