Bounty: 10 RTC
Problem
The /relay/ping endpoint in beacon_chat.py accepts any JSON body with an agent_id and auto-registers it into the Atlas directory with no authentication. This allows anyone to pollute the agent directory with fake agents or impersonate real ones.
What needs to happen
- Require the ping payload to include an Ed25519 signature proving the caller owns the private key for the agent_id
- For existing agents (heartbeat updates), require the relay token
- Add tests proving an unsigned ping is rejected
Files
- Scottcjn/beacon-skill/atlas/beacon_chat.py — lines 1653-1732 (relay_ping() function)
- Reference: beacon_skill/identity.py for how signatures work
Reward
10 RTC — paid to your RustChain wallet upon merge.
How to claim
- Comment "I'm working on this" below
- Fork the repo, make your fix, open a PR
- Include test coverage
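
One way to implement the check described under "What needs to happen", as an added example that is not the project's code. It assumes the `cryptography` package; the `pubkey_hex` and `signature` fields, the `agent_id` derivation, the `check_ping()` helper and the in-memory `registry` of relay tokens are all hypothetical, and the real formats are in beacon_skill/identity.py.

```python
import hashlib, hmac, json
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import (
    Ed25519PrivateKey, Ed25519PublicKey)

def agent_id_for(pubkey: bytes) -> str:
    # ASSUMPTION: agent_id is derived from the public key, so a caller
    # cannot claim an id belonging to a key it does not hold.
    return "bcn_" + hashlib.sha256(pubkey).hexdigest()[:12]

def canonical(body: dict) -> bytes:
    # Sign every field except the signature itself, in a stable byte form.
    unsigned = {k: v for k, v in body.items() if k != "signature"}
    return json.dumps(unsigned, sort_keys=True, separators=(",", ":")).encode()

def check_ping(body: dict, registry: dict, bearer_token=None):
    """Return (http_status, reason). registry maps agent_id -> relay token."""
    agent_id = body.get("agent_id")
    if not isinstance(agent_id, str) or not agent_id:
        return 400, "agent_id required"
    if agent_id in registry:  # heartbeat for an existing agent
        expected = registry[agent_id].encode()
        if not bearer_token or not hmac.compare_digest(bearer_token.encode(), expected):
            return 401, "relay token required"
        return 200, "heartbeat"
    try:  # first contact: the ping must be signed
        pubkey = bytes.fromhex(body["pubkey_hex"])
        sig = bytes.fromhex(body["signature"])
    except (KeyError, TypeError, ValueError):
        return 401, "signed ping required"
    if agent_id_for(pubkey) != agent_id:
        return 403, "agent_id does not match public key"
    try:
        Ed25519PublicKey.from_public_bytes(pubkey).verify(sig, canonical(body))
    except (InvalidSignature, ValueError):
        return 401, "bad signature"
    return 201, "registered"

if __name__ == "__main__":
    sk = Ed25519PrivateKey.generate()  # constructed demo key
    pk = sk.public_key().public_bytes(
        serialization.Encoding.Raw, serialization.PublicFormat.Raw)
    ping = {"agent_id": agent_id_for(pk), "pubkey_hex": pk.hex(), "name": "demo"}
    print(check_ping(ping, {}))  # unsigned ping
    ping["signature"] = sk.sign(canonical(ping)).hex()
    print(check_ping(ping, {}))  # signed ping
```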