v0.4.0 — Security Audit + Hardening

@chopmob-cloud released this 23 Mar 14:42
· 242 commits to main since this release

What's new in v0.4.0

Security hardening

  • HIGH: Strip Authorization header on x402/MPP fetch retry — prevents credential theft by malicious 402 endpoints
  • MED: Wrap all sk.fill(0) in try/finally — secret keys wiped even if signing throws
  • MED: Auto-expire debug log entries after 7 days
  • MED: Pin CSP img-src to explicit WalletConnect subdomains (no wildcards)
  • LOW: Strip console.log/warn/info in production builds via Terser
  • LOW: Validate WC_PROJECT_ID non-empty at service worker startup
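
The HIGH item above, sketched as an added example; this is not AlgoVoi's code. The `X-PAYMENT` header name, the `makePayment` callback and the function names are assumptions, and the block goes slightly beyond the release note by also dropping `Proxy-Authorization` and `Cookie` on the retry.

```javascript
// Added example, not taken from the AlgoVoi source tree.
// Assumptions: the paid retry carries its proof in an "X-PAYMENT" header and
// makePayment() is a hypothetical callback that signs a payment for the challenge.
const CREDENTIAL_HEADERS = new Set(["authorization", "proxy-authorization", "cookie"]);

// Build the headers for the paid retry: copy the caller's headers, drop every
// credential-bearing one (case-insensitive match), then attach the payment proof.
function buildRetryHeaders(original, paymentHeader, paymentValue) {
  const out = {};
  for (const [name, value] of Object.entries(original || {})) {
    if (CREDENTIAL_HEADERS.has(name.toLowerCase())) continue;
    out[name] = value;
  }
  out[paymentHeader] = paymentValue;
  return out;
}

// fetchImpl is injected so the flow can be exercised offline with a stub.
async function fetchWithPayment(fetchImpl, url, init = {}, makePayment) {
  const first = await fetchImpl(url, init);
  if (first.status !== 402) return first; // no payment challenge, nothing to retry
  const payment = await makePayment(first);
  const headers = buildRetryHeaders(init.headers, "X-PAYMENT", payment);
  // The retry reuses method/body but never the caller's credentials.
  return fetchImpl(url, { ...init, headers });
}

// Constructed sample: a stub endpoint that answers 402 once, then 200,
// recording the headers it was sent on each call.
function makeStubFetch(seen) {
  let calls = 0;
  return async (_url, init) => {
    seen.push({ ...(init.headers || {}) });
    calls += 1;
    return { status: calls === 1 ? 402 : 200 };
  };
}
```
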

Downloads

File | Browser | Install
algovoi-0.4.0-chrome-edge.zip | Chrome / Edge / Brave | Unzip → chrome://extensions → Developer mode → Load unpacked
algovoi-0.4.0-firefox.zip | Firefox | Submitted to AMO for review
algovoi-0.4.0-source.zip | | Source code for auditors / AMO review

Install (Chrome / Edge / Brave)

  1. Download algovoi-0.4.0-chrome-edge.zip
  2. Unzip to a folder
  3. Open chrome://extensions (or edge://extensions)
  4. Enable Developer mode
  5. Click Load unpacked → select the unzipped folder

Full audit report

See SECURITY_AUDIT.md