arbiter

suspicious as keywords

#86 opened 2026-04-09 16:37:28 +00:00 by CleverWild feat-lints

1

push_len_prefixed casts usize to u32 that may truncate on 64-bit targets

#85 opened 2026-04-09 13:58:26 +00:00 by CleverWild

The apocalypse due to casting i64 timestamp to sql Integer(i32)

#84 opened 2026-04-08 20:33:01 +00:00 by CleverWild

Not using quantum-resistant schemes

#79 opened 2026-04-07 08:09:46 +00:00 by Skipper

1

Mutation Testing: Missing Test Coverage (~184 genuine gaps from 225 mutations)

#75 opened 2026-04-06 10:02:20 +00:00 by Skipper 0 / 162

Zombie user-agent sessions can block all new client approvals

#74 opened 2026-04-05 16:23:12 +00:00 by Skipper

Consumed bootstrap token is not zeroized in memory

#73 opened 2026-04-05 16:23:12 +00:00 by Skipper

Wallet-access revocation deletes by wallet_id instead of entry id

#71 opened 2026-04-05 16:23:11 +00:00 by Skipper

Client approval quorum differs from documented consensus model

#70 opened 2026-04-05 16:23:10 +00:00 by Skipper

RequestTracker allows arbitrary gaps across request flows

#68 opened 2026-04-05 16:23:09 +00:00 by Skipper

Bootstrap token RNG seeding should be made explicit

#67 opened 2026-04-05 16:23:09 +00:00 by Skipper

Transaction logs can be tampered with to reset rate limits

#66 opened 2026-04-05 16:23:08 +00:00 by Skipper

Integrity envelopes do not survive root key rotation

#65 opened 2026-04-05 16:23:08 +00:00 by Skipper

User-agent signing endpoint accepts arbitrary client_id

#64 opened 2026-04-05 16:23:07 +00:00 by Skipper

SDK client metadata is silently rewritten on reconnect

#63 opened 2026-04-05 16:23:07 +00:00 by Skipper

Bootstrap token registration lacks proof of possession

#62 opened 2026-04-05 16:23:06 +00:00 by Skipper

Unseal and bootstrap handshake lack brute-force protection

#60 opened 2026-04-05 16:23:05 +00:00 by Skipper

Bootstrap token persists on disk with weak file permissions

#59 opened 2026-04-05 16:23:05 +00:00 by Skipper

revoked_at is not included in signature

#56 opened 2026-04-05 16:11:01 +00:00 by Skipper

Encrypted key material not bound to wallet address — cross-wallet signing possible

#54 opened 2026-04-05 16:07:17 +00:00 by Skipper