Alert API authorization mechanism already has protection against unregistered or disabled nodes. In other sense, batches or alerts from disabled nodes will not be accepted, so checking for the scanner's enabled status on scan nodes only prevents them from running bots when they are disabled but doesn't add any more security coverage.
IMHO, to mitigate any risks coming with an arbitrary redundant contract interaction, we should disable this check and let the disabled nodes do whatever they want. Besides, in an ideal world dispatch contract should return 0 assigned bots for disabled nodes anyways.
Alert API authorization mechanism already has protection against unregistered or disabled nodes. In other sense, batches or alerts from disabled nodes will not be accepted, so checking for the scanner's
enabled
status on scan nodes only prevents them from running bots when they are disabled but doesn't add any more security coverage.IMHO, to mitigate any risks coming with an arbitrary redundant contract interaction, we should disable this check and let the disabled nodes do whatever they want. Besides, in an ideal world dispatch contract should return 0 assigned bots for disabled nodes anyways.