-
Notifications
You must be signed in to change notification settings - Fork 93
Issues
is:issue state:open
is:issue state:open
Issue creation is restricted in this repository
Search results
[SEC-31] (App movil) El flag de demo de build (VITE_DEMO_MODE) puede quedar embebido en el APK release
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6wave:frontendmicopay/frontend surfacemicopay/frontend surfaceStatus: Open.#263 In ericmt-98/micopay-protocol;[SEC-27] (App movil) El reporte de errores envia stack y context arbitrario a /client-errors
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6wave:frontendmicopay/frontend surfacemicopay/frontend surfaceStatus: Open.#259 In ericmt-98/micopay-protocol;[SEC-24] (App movil) Estado de trade sobrescribible desde localStorage (trade_state_override)
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6wave:frontendmicopay/frontend surfacemicopay/frontend surfaceStatus: Open.#256 In ericmt-98/micopay-protocol;[SEC-21] CORS comodín (origin: *) en toda la API + ausencia de cabeceras de seguridad
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#252 In ericmt-98/micopay-protocol;[SEC-17] Reputación del Bazaar inflable: accept acredita swap completado con payer falsificable
complexity: mediumRequiere cuenta, interceptor de tráfico, o conocimiento del protocoloRequiere cuenta, interceptor de tráfico, o conocimiento del protocolosecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#248 In ericmt-98/micopay-protocol;[SEC-16] /api/v1/credentials/buy ancla on-chain una Merkle root arbitraria del cliente
complexity: mediumRequiere cuenta, interceptor de tráfico, o conocimiento del protocoloRequiere cuenta, interceptor de tráfico, o conocimiento del protocolosecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#247 In ericmt-98/micopay-protocol;[SEC-15] /users/register emite JWT para dirección Stellar no verificada (bypass de firma)
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#246 In ericmt-98/micopay-protocol;[SEC-14] Anti-replay de x402 nunca usa la DB (useDatabase siempre false)
complexity: mediumRequiere cuenta, interceptor de tráfico, o conocimiento del protocoloRequiere cuenta, interceptor de tráfico, o conocimiento del protocolosecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#245 In ericmt-98/micopay-protocol;[SEC-13] x402 acepta pago sin confirmarlo on-chain ni verificar firma/saldo
complexity: mediumRequiere cuenta, interceptor de tráfico, o conocimiento del protocoloRequiere cuenta, interceptor de tráfico, o conocimiento del protocolosecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#244 In ericmt-98/micopay-protocol;[SEC-12] Bypass total de x402: prefijo mock: en X-PAYMENT sin gate de entorno
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialsecurity-auditSecurity audit issueSecurity audit issueStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave-6-dripsStellar Drips Wave 6Stellar Drips Wave 6Status: Open.#243 In ericmt-98/micopay-protocol;V-25 · Paying bills & services from a digital wallet
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialresearchMarket/user validation — no code, no PRMarket/user validation — no code, no PRStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave:docsDrips Wave documentation workDrips Wave documentation workStatus: Open.V-24 · Corner shop as a liquidity provider (supply bootstrap)
complexity: lowReproducible con curl/DevTools, sin setup especialReproducible con curl/DevTools, sin setup especialresearchMarket/user validation — no code, no PRMarket/user validation — no code, no PRStellar WaveEligible for Stellar Drips Wave rewardsEligible for Stellar Drips Wave rewardswave:docsDrips Wave documentation workDrips Wave documentation workwave:retailMicoPay retail mobile app work (micopay/frontend + micopay/backend)MicoPay retail mobile app work (micopay/frontend + micopay/backend)Status: Open.