According to Odaily, the StarkWare Ecosystem Chief has raised concerns about potential security weaknesses in Fractal Bitcoin in a post on the X platform. The post lists several node configuration and release-process issues that could expose users running a node to remote attack.
Firstly, the RPC credentials are hard-coded and cannot be overridden through environment variables, so anyone who reads the source knows the username and password, and the RPC server is effectively exposed to whoever can reach it. Allowing RPC connections from any IP address compounds this: a node configured that way can be reached, and its RPC interface attacked, from anywhere on the network rather than only from the local machine.
Furthermore, certain settings permit ZeroMQ connections from any IP address, which again exposes an interface meant for local consumers to the whole network. The removal of peer connection limits could allow a remote party to exhaust a node's resources. Lastly, it is difficult to identify the official GitHub organization or repository, which makes it hard for users to verify that the code they download and run is the genuine release.
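The issues above are all visible in a node's configuration, so a practitioner will want a quick way to check a config file for them. The following audit script is an added example and is not code from Fractal Bitcoin, StarkWare or Odaily. It assumes the node uses Bitcoin Core's `bitcoin.conf` option names (`rpcuser`/`rpcpassword`, `rpcbind`, `rpcallowip`, `zmqpub*`, `maxconnections`); the two configuration texts and the `MAX_REASONABLE_CONNECTIONS` threshold are constructed for illustration, and the static-credential check is the config-file analogue of the hard-coded-credentials concern (a password in a shipped config is as exposed as one in source).

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample in Bitcoin Core bitcoin.conf syntax (not a real Fractal Bitcoin file).
# It deliberately contains every weakness the audit looks for.
WEAK_CONF = """
server=1
rpcuser=fractal              # static credentials shipped with the node
rpcpassword=fractal
rpcbind=0.0.0.0              # RPC listening on every interface
rpcallowip=0.0.0.0/0         # any source IP may talk to RPC
zmqpubrawblock=tcp://0.0.0.0:28332
zmqpubhashtx=tcp://127.0.0.1:28333
maxconnections=100000
"""

# The same node hardened: cookie/rpcauth instead of a static password, loopback only,
# and the default peer limit.  Also a constructed example.
HARDENED_CONF = """
server=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubhashtx=tcp://127.0.0.1:28333
maxconnections=125
"""

# Assumed threshold: a peer limit this large is treated as "no limit" for audit purposes.
MAX_REASONABLE_CONNECTIONS = 1000


def parse_conf(text):
    """Parse key=value lines (comments stripped) into a dict of value lists; keys may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf.setdefault(key.strip(), []).append(value.strip())
    return conf


def _covers_everything(net_text):
    """True if an rpcallowip entry is a /0 network, i.e. it matches every source address."""
    try:
        return ipaddress.ip_network(net_text, strict=False).prefixlen == 0
    except ValueError:
        return False


def _binds_all_interfaces(host):
    """True for wildcard hosts such as 0.0.0.0, :: or * (bare host form assumed, no port)."""
    if host in (None, "", "*"):
        return True
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return False


def audit(conf):
    """Return the list of finding identifiers for a parsed config, in a fixed order."""
    findings = []
    if "rpcuser" in conf and "rpcpassword" in conf:
        findings.append("static-rpc-credentials")
    if any(_binds_all_interfaces(h) for h in conf.get("rpcbind", [])):
        findings.append("rpc-bound-to-all-interfaces")
    if any(_covers_everything(n) for n in conf.get("rpcallowip", [])):
        findings.append("rpc-allows-any-ip")
    for key, values in conf.items():
        # zmqpubrawblock, zmqpubhashtx, ... take tcp://host:port endpoints
        if key.startswith("zmqpub") and any(
            _binds_all_interfaces(urlparse(v).hostname) for v in values
        ):
            findings.append("zmq-bound-to-all-interfaces")
            break
    for v in conf.get("maxconnections", []):
        if v.isdigit() and int(v) > MAX_REASONABLE_CONNECTIONS:
            findings.append("connection-limit-effectively-removed")
            break
    return findings


def audit_text(text):
    """Convenience wrapper: parse and audit a config file's contents."""
    return audit(parse_conf(text))


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_text(text) or ["no findings"])
```

Run it against a node's `bitcoin.conf` with `audit_text(open(path).read())`. The hardened text shows the fixes the post implies: no static `rpcuser`/`rpcpassword` (Bitcoin Core falls back to cookie authentication, or `rpcauth` with a salted hash), RPC and ZeroMQ bound to loopback, `rpcallowip` restricted to the hosts that need access, and a finite peer limit. The script only inspects configuration; credentials hard-coded in the binary itself, and a connection limit removed in source, still need a code review.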