Anybody can view the magnet URI's from the emitted event.

[darshanraju]

A bad actor may act maliciously with the magnet URI's. Possibly bring down the torrenting client on the data scientists machine.

[Trabing]

How?

[darshanraju]

its in plaintext and its emmited from an event https://github.com/morphware/service/blob/4cbf23da52415bdec078f69deb69862e5ffcfe38/contracts/JobFactory.sol#L232

[Trabing]

But how would knowing the magnet link bring down the torrenting client on the data scientists machine?

[darshanraju]

I have no idea, haven't looked into it. I'm thinking this may be a possible attack vector.

[Trabing]

I think primary attack vector is bad actors winning auctions or being pseudo-randomly selected as validators and seeding bad files, like worms or viruses, to validators or data scientists; which is why I keep crowing about namespace isolation