security: close all findings from security audit v5

C2: Remove dead PLACEHOLDER Dilithium key and is_valid_system_signature from genesis_constants.rs
C1: Replace silent fallback with hard exit(1) when QNET_BURN_TX_HASH/QNET_BURN_AMOUNT are missing in quantum_crypto.rs
C3: Add automatic rollback in cross-shard transaction on notify failure (production_sharding.rs)
H1: Remove all activation-related code from browser extension background.js (burnOneDevTokens, burnAndActivateNode, activateNode, spendQNCToPool3, startActivationSync, BURN_1DEV_TOKENS handler)
H3: Make QNET_ADMIN_SECRET mandatory for shutdown endpoint - blocked entirely if not configured (rpc.rs + docker-compose.production.yml all 3 services)
H4: Replace SkipServerVerification with SelfSignedCertVerifier + post-handshake verify_peer_cert_node_id() binding TLS cert SAN to claimed node_id on both client and server sides (quic_transport.rs)
M3: Move blocking reqwest IP detection to dedicated OS thread via std::thread::spawn, update all logs to two-level format [DBG][IP]/[INFO][IP]/[WARN][IP] (qnet-node.rs)
N1: Upgrade VRF domain separation to v4 with pk-bound hash_input_keyed() for formal uniqueness guarantee (vrf.rs)
N2: Add block hash integrity check in load_block_by_height - recomputes and verifies against stored hash (storage.rs)
Made-with: Cursor

Author: AIQnetLab

applications/qnet-mobile/android/app/src/main/cpp/dilithium3/poly.c

@@ -473,16 +473,18 @@ void PQCLEAN_DILITHIUM3_CLEAN_poly_uniform_gamma1(poly *a,
 *              SHAKE256(seed).
 *
 * Arguments:   - poly *c: pointer to output polynomial
-*              - const uint8_t mu[]: byte array containing seed of length SEEDBYTES
+*              - const uint8_t mu[]: byte array containing seed of length CTILDEBYTES
+*              NOTE: ML-DSA-65 (FIPS 204) absorbs CTILDEBYTES (48) not SEEDBYTES (32).
+*              Both are passed in, only CTILDEBYTES bytes are used for the challenge hash.
 **************************************************/
-void PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]) {
+void PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]) {
     unsigned int i, b, pos;
     uint64_t signs;
     uint8_t buf[SHAKE256_RATE];
     shake256incctx state;
 
     shake256_inc_init(&state);
-    shake256_inc_absorb(&state, seed, SEEDBYTES);
+    shake256_inc_absorb(&state, seed, CTILDEBYTES);
     shake256_inc_finalize(&state);
     shake256_inc_squeeze(buf, sizeof buf, &state);
 

applications/qnet-mobile/android/app/src/main/cpp/dilithium3/poly.h

@@ -33,7 +33,7 @@ void PQCLEAN_DILITHIUM3_CLEAN_poly_uniform_eta(poly *a,
 void PQCLEAN_DILITHIUM3_CLEAN_poly_uniform_gamma1(poly *a,
         const uint8_t seed[CRHBYTES],
         uint16_t nonce);
-void PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(poly *c, const uint8_t seed[SEEDBYTES]);
+void PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(poly *c, const uint8_t seed[CTILDEBYTES]);
 
 void PQCLEAN_DILITHIUM3_CLEAN_polyeta_pack(uint8_t *r, const poly *a);
 void PQCLEAN_DILITHIUM3_CLEAN_polyeta_unpack(poly *r, const uint8_t *a);

applications/qnet-mobile/android/app/src/main/cpp/dilithium3/sign.c

@@ -99,13 +99,17 @@ int PQCLEAN_DILITHIUM3_CLEAN_crypto_sign_signature(uint8_t *sig,
     rhoprime = mu + CRHBYTES;
     PQCLEAN_DILITHIUM3_CLEAN_unpack_sk(rho, tr, key, &t0, &s1, &s2, sk);
 
-    /* Compute mu = CRH(tr, msg) */
-    shake256_inc_init(&state);
-    shake256_inc_absorb(&state, tr, TRBYTES);
-    shake256_inc_absorb(&state, m, mlen);
-    shake256_inc_finalize(&state);
-    shake256_inc_squeeze(mu, CRHBYTES, &state);
-    shake256_inc_ctx_release(&state);
+    /* Compute mu = CRH(tr, 0x00 || 0x00 || msg)  — FIPS 204 ML-DSA pure-mode domain */
+    {
+        const uint8_t ml_dsa_prefix[2] = {0x00, 0x00};
+        shake256_inc_init(&state);
+        shake256_inc_absorb(&state, tr, TRBYTES);
+        shake256_inc_absorb(&state, ml_dsa_prefix, 2);
+        shake256_inc_absorb(&state, m, mlen);
+        shake256_inc_finalize(&state);
+        shake256_inc_squeeze(mu, CRHBYTES, &state);
+        shake256_inc_ctx_release(&state);
+    }
 
     for (n = 0; n < RNDBYTES; n++) {
         rnd[n] = 0;
@@ -140,7 +144,7 @@ int PQCLEAN_DILITHIUM3_CLEAN_crypto_sign_signature(uint8_t *sig,
     shake256_inc_finalize(&state);
     shake256_inc_squeeze(sig, CTILDEBYTES, &state);
     shake256_inc_ctx_release(&state);
-    PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(&cp, sig); /* uses only the first SEEDBYTES bytes of sig */
+    PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(&cp, sig); /* ML-DSA-65: uses all CTILDEBYTES (48) bytes */
     PQCLEAN_DILITHIUM3_CLEAN_poly_ntt(&cp);
 
     /* Compute z, reject if it reveals secret */
@@ -254,17 +258,21 @@ int PQCLEAN_DILITHIUM3_CLEAN_crypto_sign_verify(const uint8_t *sig,
         return -1;
     }
 
-    /* Compute CRH(H(rho, t1), msg) */
+    /* Compute mu = CRH(H(pk), 0x00 || 0x00 || msg)  — FIPS 204 ML-DSA pure-mode domain */
     shake256(mu, CRHBYTES, pk, PQCLEAN_DILITHIUM3_CLEAN_CRYPTO_PUBLICKEYBYTES);
-    shake256_inc_init(&state);
-    shake256_inc_absorb(&state, mu, CRHBYTES);
-    shake256_inc_absorb(&state, m, mlen);
-    shake256_inc_finalize(&state);
-    shake256_inc_squeeze(mu, CRHBYTES, &state);
-    shake256_inc_ctx_release(&state);
+    {
+        const uint8_t ml_dsa_prefix[2] = {0x00, 0x00};
+        shake256_inc_init(&state);
+        shake256_inc_absorb(&state, mu, CRHBYTES);
+        shake256_inc_absorb(&state, ml_dsa_prefix, 2);
+        shake256_inc_absorb(&state, m, mlen);
+        shake256_inc_finalize(&state);
+        shake256_inc_squeeze(mu, CRHBYTES, &state);
+        shake256_inc_ctx_release(&state);
+    }
 
     /* Matrix-vector multiplication; compute Az - c2^dt1 */
-    PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(&cp, c); /* uses only the first SEEDBYTES bytes of c */
+    PQCLEAN_DILITHIUM3_CLEAN_poly_challenge(&cp, c); /* ML-DSA-65: uses all CTILDEBYTES (48) bytes */
     PQCLEAN_DILITHIUM3_CLEAN_polyvec_matrix_expand(mat, rho);
 
     PQCLEAN_DILITHIUM3_CLEAN_polyvecl_ntt(&z);

applications/qnet-mobile/patches/react-native-quick-crypto+1.0.15.patch

@@ -0,0 +1,15 @@
+diff --git a/android/CMakeLists.txt b/android/CMakeLists.txt
+--- a/android/CMakeLists.txt
++++ b/android/CMakeLists.txt
+@@ -119,6 +119,12 @@ target_link_libraries(
+ )
+ 
++# Suppress third-party library warnings (OpenSSL 3.x deprecations, virtual function hiding)
++target_compile_options(${PACKAGE_NAME} PRIVATE
++    -Wno-deprecated-declarations
++    -Wno-overloaded-virtual
++)
++
+ if(SODIUM_ENABLED)
+   add_definitions(-DBLSALLOC_SODIUM)
+   find_package(sodium REQUIRED CONFIG)

applications/qnet-mobile/src/components/WalletManager.js

@@ -3543,18 +3543,18 @@ export class WalletManager {
 
       // Hash address (same as Rust: b"QNET_ADDR:" + address.as_bytes())
       const addrHashHex = sha3_256(this.concatBytes(
-        new TextEncoder().encode('QNET_ADDR:'),
-        new TextEncoder().encode(address)
+        Buffer.from('QNET_ADDR:', 'utf8'),
+        Buffer.from(address, 'utf8')
       ));
 
       // Hash account data (same as Rust: b"QNET_ACCOUNT:" + balance(8) + nonce(8) + pending_rewards(8) + address)
       // CRITICAL: Use raw bytes, not hex strings!
       const accountDataBytes = this.concatBytes(
-        new TextEncoder().encode('QNET_ACCOUNT:'),
+        Buffer.from('QNET_ACCOUNT:', 'utf8'),
         this.uint64ToBytes(balance),           // 8 bytes little-endian
         this.uint64ToBytes(nonce),             // 8 bytes little-endian
         this.uint64ToBytes(0),                 // pending_rewards = 0 for basic proof
-        new TextEncoder().encode(address)      // address string bytes
+        Buffer.from(address, 'utf8')           // address string bytes
       );
       let currentHash = sha3_256(accountDataBytes);
 
@@ -3617,18 +3617,17 @@ export class WalletManager {
       );
 
       // Build hash (same as Rust: b"QNET_VALIDATOR_SET:" + epoch + validators)
-      const encoder = new TextEncoder();
       let dataToHash = this.concatBytes(
-        encoder.encode('QNET_VALIDATOR_SET:'),
+        Buffer.from('QNET_VALIDATOR_SET:', 'utf8'),
         this.uint64ToBytes(epoch)
       );
 
       for (const v of sorted) {
         dataToHash = this.concatBytes(
           dataToHash,
-          encoder.encode(v.node_id || ''),
-          encoder.encode(v.address || ''),
-          encoder.encode(v.node_type || ''),
+          Buffer.from(v.node_id || '', 'utf8'),
+          Buffer.from(v.address || '', 'utf8'),
+          Buffer.from(v.node_type || '', 'utf8'),
           this.float64ToBytes(v.reputation || 0),
           this.uint64ToBytes(v.last_seen || 0),
           new Uint8Array([v.is_active ? 1 : 0])
@@ -5289,7 +5288,7 @@ export class WalletManager {
       // v4.7: Include Ed25519 signature + burn_wallet for wallet ownership proof
       const sigTimestamp = Math.floor(Date.now() / 1000);
       const ed25519Message = `qnet_register:${activationCode}:${sigTimestamp}`;
-      const ed25519MsgBytes = new TextEncoder().encode(ed25519Message);
+      const ed25519MsgBytes = Buffer.from(ed25519Message, 'utf8');
       const ed25519Sig = nacl.sign.detached(ed25519MsgBytes, new Uint8Array(walletData.secretKey));
       const ed25519SigHex = Array.from(ed25519Sig).map(b => b.toString(16).padStart(2, '0')).join('');
 
@@ -5498,8 +5497,7 @@ export class WalletManager {
     // blake3::hash("LIGHT_NODE_PRIVACY_{wallet}") → first 8 hex chars
     const { blake3 } = require('@noble/hashes/blake3.js');
     const input = `LIGHT_NODE_PRIVACY_${walletAddress}`;
-    const inputBytes = new TextEncoder().encode(input);
-    const hashBytes = blake3(inputBytes);
+    const hashBytes = blake3(Buffer.from(input, 'utf8'));
     // First 4 bytes → 8 hex chars (matches Rust: &pseudonym_hash.to_hex()[..8])
     const hexHash = Array.from(hashBytes.slice(0, 4))
       .map(b => b.toString(16).padStart(2, '0'))
@@ -5528,7 +5526,7 @@ export class WalletManager {
 
     const timestamp = Math.floor(Date.now() / 1000);
     const message = `client_node_reg:${nodeId}:${walletAddress}:${registrationProof}:${timestamp}`;
-    const messageBytes = new TextEncoder().encode(message);
+    const messageBytes = Buffer.from(message, 'utf8');
 
     const ed25519Sig = nacl.sign.detached(messageBytes, fullSecretKey);
     const signature = Buffer.from(ed25519Sig).toString('hex');
@@ -5648,7 +5646,7 @@ export class WalletManager {
             ed25519GossipPubkey = Buffer.from(kp.publicKey).toString('hex');
             const fullSk = new Uint8Array([...privateKeyBytes, ...kp.publicKey]);
             const gossipMsg = `light_node_gossip:${systemPseudonym}:${walletAddress}`;
-            const sig = nacl.sign.detached(new TextEncoder().encode(gossipMsg), fullSk);
+            const sig = nacl.sign.detached(Buffer.from(gossipMsg, 'utf8'), fullSk);
             ed25519GossipSignature = Buffer.from(sig).toString('hex');
             console.log('[Registration] Ed25519 gossip signature created (hybrid v6.1)');
 
@@ -5784,7 +5782,7 @@ export class WalletManager {
             if (wd && wd.secretKey) {
               signatureTimestamp = Math.floor(Date.now() / 1000);
               const message = `qnet_register:${activationCode}:${signatureTimestamp}`;
-              const messageBytes = new TextEncoder().encode(message);
+              const messageBytes = Buffer.from(message, 'utf8');
               const secretKeyBytes = new Uint8Array(wd.secretKey);
               const sig = nacl.sign.detached(messageBytes, secretKeyBytes);
               ed25519Signature = Array.from(sig).map(b => b.toString(16).padStart(2, '0')).join('');
@@ -5846,6 +5844,7 @@ export class WalletManager {
         // Re-throw server/network errors as-is so WalletScreen shows proper error messages.
         // Only wrap actual Dilithium/Ed25519 crypto errors.
         const msg = dilithiumError.message || '';
+        console.error('[Registration] Error in quantum registration block:', msg);
         const isCryptoError = msg.includes('DilithiumModule') ||
           msg.includes('Dilithium3') ||
           msg.includes('dilithium') ||
@@ -6114,7 +6113,7 @@ export class WalletManager {
       // Hybrid signature: Ed25519 (ownership) + Dilithium3 (quantum-safe)
       // Format matches validator's create_client_signing_message: "claim_rewards:from:to"
       const message = `claim_rewards:${nodeId}:${walletAddress}`;
-      const messageBytes = new TextEncoder().encode(message);
+      const messageBytes = Buffer.from(message, 'utf8');
 
       // Ed25519 signature (nacl needs 64-byte secret key = privateKey + publicKey)
       const fullSecretKey = privateKeyBytes.length === 64 
@@ -6311,7 +6310,7 @@ export class WalletManager {
       // CRITICAL: nonce in TX = account.nonce + 1 (like Ethereum)
       const txNonce = currentNonce + 1;
       const message = `transfer:${fromAddress}:${toAddress}:${amountSmallest}:${txNonce}:${gasPrice}:${gasLimit}`;
-      const messageBytes = new TextEncoder().encode(message);
+      const messageBytes = Buffer.from(message, 'utf8');
 
       // Sign with Ed25519 (nacl needs 64-byte secret key = privateKey + publicKey)
       const fullSecretKey = privateKeyBytes.length === 64 

applications/qnet-mobile/src/screens/WalletScreen.js

@@ -1843,9 +1843,12 @@ const WalletScreen = () => {
           'Could not connect to the QNet network.\n\nPlease check your internet connection and try again.'
         );
       } else if (msg.includes('dilithium') || msg.includes('quantum signature') || msg.includes('signature')) {
+        const detail = error.message || '';
         showAlert(
           'Signature Error',
-          'Failed to create quantum-secure signature for node registration.\n\nPlease try again. If the problem persists, restart the app.'
+          'Failed to create quantum-secure signature for node registration.\n\n' +
+          (detail ? `Details: ${detail}\n\n` : '') +
+          'Please try again. If the problem persists, restart the app.'
         );
       } else {
         showAlert(

applications/qnet-mobile/src/services/PushService.js

@@ -532,7 +532,7 @@ export async function refreshFcmTokenOnServer(nodeId, ed25519SecretKey64) {
     const nacl = require('tweetnacl');
     const timestamp = now;
     const message = `token_refresh:${nodeId}:${timestamp}`;
-    const messageBytes = new TextEncoder().encode(message);
+    const messageBytes = Buffer.from(message, 'utf8');
     const sig = nacl.sign.detached(messageBytes, new Uint8Array(ed25519SecretKey64));
     const signatureHex = Buffer.from(sig).toString('hex');