Security hardening: CORS, error sanitization, rate limiting, input validation #37

New issue

Closed

opened 2026-03-02 03:20:17 +00:00 by mik-tf · 0 comments

mik-tf commented

2026-03-02 03:20:17 +00:00

Member

Implements security fixes identified in audit (#32):

Restrict CORS to known origins (env-configurable)
Sanitize all error messages to avoid leaking chain internals
Add pending session cap (MAX_PENDING = 10,000) to prevent memory exhaustion
Add signer verification on transfer/opt-out submit
Fix float precision loss in TFT-to-planck conversion
Validate and cap farm_ids input (max 100)
Add RPC timeouts (30s read, 120s finalization)
Add 4KB request body size limit
Add security headers via Caddy (HSTS, CSP, X-Frame-Options, etc.)
Bind backend port to 127.0.0.1 in Docker
Default gateway URL to HTTPS

Implements security fixes identified in audit (#32): - Restrict CORS to known origins (env-configurable) - Sanitize all error messages to avoid leaking chain internals - Add pending session cap (MAX_PENDING = 10,000) to prevent memory exhaustion - Add signer verification on transfer/opt-out submit - Fix float precision loss in TFT-to-planck conversion - Validate and cap farm_ids input (max 100) - Add RPC timeouts (30s read, 120s finalization) - Add 4KB request body size limit - Add security headers via Caddy (HSTS, CSP, X-Frame-Options, etc.) - Bind backend port to 127.0.0.1 in Docker - Default gateway URL to HTTPS