Email abraham.sewill@proton.me with a description of the issue and steps to reproduce. Please do not open a public GitHub issue for security-sensitive reports.
xchplot2 is a client-side plot builder. It handles:
- Farmer and pool public keys provided on the command line.
- Optional
--seedentropy that derives per-plot subseeds; a weak or reused seed lets an attacker who observes plot IDs correlate plots to the same master key. - BLS key parsing via the
chiaRust crate throughkeygen-rs. - Large file writes into caller-supplied output directories.
Relevant threat model items we want to hear about:
- Key handling: any path where farmer/pool key bytes or the master seed leak into logs, temporary files, crash dumps, or the plot file itself beyond the documented memo payload.
- File-path handling: any way a crafted
-o/out_dir/ memo string escapes the intended output directory or overwrites files outside it (path traversal, symlink races). The atomic.partial+ rename is safe by design; report if you can break it. - Manifest parsing: malformed
batchmanifests that cause out-of-bounds reads, arbitrary allocation, or unchecked sign conversion. - Build-time supply chain: tampering paths in
scripts/install-deps.sh,Containerfile,compose.yaml, or the FetchContent targets (pos2-chip, AdaptiveCpp).
- Proof-of-space soundness and the v2 PoS algorithm itself —
report those upstream in
pos2-chip. - Consensus, farming, or wallet behavior — those belong in
chia-blockchainandchia_rs. - Performance regressions on exotic GPUs — file as a normal bug.
Acknowledgement within a week. Fixes for in-scope issues land on
main (and the cuda-only branch if applicable) with credit in the
commit message unless you prefer otherwise.