StarkWare Ecosystem Head Warns of Security Issues in Fractal Bitcoin
StarkWare's ecosystem director wrote on the X platform that Fractal Bitcoin has several security issues:
1. RPC credentials are hardcoded and cannot be configured through environment variables, and the RPC server is publicly exposed and vulnerable to attack.
2. Allowing RPC connections from any IP address is also very dangerous, exposing users' nodes to potential attacks from anywhere.
3. Some settings that allow ZeroMQ connections from any IP pose a security risk; removing the limit on the number of connections may result in resource exhaustion.
4. The official GitHub organization or repository is difficult to identify, etc.
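A node operator can check a configuration for the exposure patterns in items 1 to 3 before deploying it. The audit below is an added example, not code from the X post or from the Fractal Bitcoin project; it assumes the node reads a Bitcoin Core-style key=value file (rpcpassword, rpcallowip, rpcbind, zmqpub*), and the sample configuration is constructed.

```python
import ipaddress

# Constructed sample in Bitcoin Core-style syntax (assumed format, not from a real repository).
SAMPLE_CONF = """\
rpcpassword=example_password   # placeholder credential
rpcallowip=0.0.0.0/0
rpcbind=0.0.0.0
zmqpubrawblock=tcp://0.0.0.0:28332
zmqpubrawtx=tcp://127.0.0.1:28333
"""

def parse_conf(text):  # yields (key, value); skips comments, blanks, [section] lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def host_of(value):  # host part of 'host', 'host:port', '[v6]:port', 'tcp://host:port'
    value = value.split("://", 1)[-1]
    if value.startswith("["):
        return value[1:].partition("]")[0]
    return value.rsplit(":", 1)[0] if value.count(":") == 1 else value

def binds_all(value):  # wildcard listener: 0.0.0.0, :: or ZeroMQ '*'
    host = host_of(value)
    try:
        return host == "*" or ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False

def allows_all(value):  # allow-list entry that is a /0 network, i.e. every address
    try:
        return "/" in value and ipaddress.ip_network(value, strict=False).prefixlen == 0
    except ValueError:
        return False

def audit(text):  # returns (key, finding) pairs for the patterns listed above
    findings = []
    for key, value in parse_conf(text):
        if key == "rpcpassword":
            findings.append((key, "static RPC password stored in the config file"))
        elif key == "rpcallowip" and allows_all(value):
            findings.append((key, "RPC accepted from any IP address"))
        elif key == "rpcbind" and binds_all(value):
            findings.append((key, "RPC listener bound to all interfaces"))
        elif key.startswith("zmqpub") and binds_all(value):
            findings.append((key, "ZeroMQ publisher bound to all interfaces"))
    return findings
```

The connection-limit concern in item 3 is not checked, because the post as reported here does not name the setting involved.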