Closed Githubuser60 closed 1 year ago
đ¤ Assignees for issue Famed Retroactive Rewards #25 are now eligible to Get Famed.
â Add assignees to track contribution times of the issue đĻ¸ââī¸đĻšī¸ â Add a single severity (CVSS) label to compute the score đˇī¸ī¸
Happy hacking! đĻžđâ¤ī¸ī¸
@Githubuser60 - you Got Famed! đ Check out your new score here: https://leaderboard.morphysm.com/teams/Githubuser60/famed-demo | Contributor | Time | Reward |
---|---|---|---|
Githubuser60 | 1632h0m0s | 2444 POINTS |
UID: CL-2021-39
Severity: medium
Type: BUG
Affected Clients: Lighthouse
Summary: A validator client uses two API keys: ".secp-sk" (secret key) and "api-token.txt" (the corresponding public key). Both files are stored in a user directory with 644 permission bits. So any user on the host can read them.
Links: https://github.com/sigp/lighthouse/issues/2437
Reported: 2021-07-07
Fixed: 2021-09-13
Published: 2021-12-01
Bounty Hunter: Taurus
Bounty Points: Part of EF initiated Security Audit: https://arxiv.org/abs/2109.11685