security: disable debug-tracer API in archive node chain configs#127

Draft
Copilot wants to merge 2 commits into main from copilot/disable-debug-tracer-api

Conversation


Copilot AI commented Mar 13, 2026

The debug-tracer Ethereum API was enabled on both archive node chain configurations, exposing full EVM execution traces to external callers — enabling contract reverse engineering, internal state disclosure, and DoS via expensive trace calls.

Changes

  • Removed debug-tracer from eth-apis in both archive node chain configs:
    • avalanchego/configs/chains/2PDRxzc6jMbZSTLb3sufkVszgQc2jtDnYZGtDTAAfom1CTwPsE/config.json
    • avalanchego/configs/chains/2oo5UvYgFQikM7KBsMXFQE3RQv3xAFFc8JY2GEBNBF1tp4JaeZ/config.json
"eth-apis": [
    "eth",
    "eth-filter",
    "net",
    "web3",
    "internal-eth",
    "internal-blockchain",
    "internal-transaction",
    "internal-tx-pool"
]

If debug tracing is needed, it should be re-enabled only on non-public nodes with explicit access controls.

Original prompt

This section details the original issue you should resolve

<issue_title>[Security][High] Disable debug-tracer API in archive node chain configurations</issue_title>
<issue_description>## Summary

Archive node chain configurations expose the debug-tracer Ethereum API, which allows external callers to trace transaction execution and extract internal EVM state. This API should not be enabled on production or public-facing archive nodes.

Affected Files

  • avalanchego/configs/chains/2PDRxzc6jMbZSTLb3sufkVszgQc2jtDnYZGtDTAAfom1CTwPsE/config.json (Line 13)
  • avalanchego/configs/chains/2oo5UvYgFQikM7KBsMXFQE3RQv3xAFFc8JY2GEBNBF1tp4JaeZ/config.json (Line 13)

Current Configuration

"eth-apis": [
    "eth",
    "eth-filter",
    "debug-tracer"
]

Security Impact

  • Transaction tracing: Attackers can replay any transaction with full internal state visibility
  • Smart contract reverse engineering: Internal call traces expose contract logic and state transitions
  • Resource exhaustion: Debug tracing is computationally expensive and can be used for DoS attacks
  • Information disclosure: Exposes internal EVM execution details not meant for public consumption

Suggested Fix

Remove debug-tracer from eth-apis in both chain config files. If debug tracing is needed for development, it should only be enabled on non-public nodes with access controls:

"eth-apis": [
    "eth",
    "eth-filter"
]

If debug access is required for specific use cases, add it behind authentication or restrict to localhost-only access.

Generated by Health Monitor with Omni</issue_description>

Comments on the Issue (you are @copilot in this section)


Co-authored-by: numbers-official <181934381+numbers-official@users.noreply.github.com>
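As an added example (not part of this PR or the avalanchego project), the following Python check audits avalanchego chain config files for forbidden entries in "eth-apis", so a CI job can catch a reintroduced debug-tracer before it reaches a public archive node. The denylist holds only the "debug-tracer" name this PR removes; the sample documents are constructed from the issue's "before" and the PR's "after" configuration.

```python
"""Audit avalanchego chain configs for forbidden entries in "eth-apis"."""
import json
from pathlib import Path

# APIs that must not be exposed on public or archive nodes. "debug-tracer" is
# the entry this PR removes; extend the set if local policy forbids others.
FORBIDDEN_ETH_APIS = frozenset({"debug-tracer"})


def audit_chain_config(text: str, source: str = "<inline>") -> list[str]:
    """Return findings for one chain config JSON document.

    An empty list means the config exposes none of the forbidden APIs
    (or has no "eth-apis" key at all, which is left to other checks).
    """
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"{source}: invalid JSON ({exc.msg})"]
    apis = cfg.get("eth-apis")
    if apis is None:
        return []
    if not isinstance(apis, list):
        return [f"{source}: 'eth-apis' is not a list"]
    return [f"{source}: forbidden API '{api}' enabled in eth-apis"
            for api in apis if api in FORBIDDEN_ETH_APIS]


def audit_config_dir(root: Path) -> list[str]:
    """Audit every <root>/<chainID>/config.json, e.g. root=configs/chains."""
    findings: list[str] = []
    for path in sorted(root.glob("*/config.json")):
        findings += audit_chain_config(path.read_text(), str(path))
    return findings


# Constructed samples mirroring the issue's "before" and the PR's "after".
BEFORE = '{"eth-apis": ["eth", "eth-filter", "debug-tracer"]}'
AFTER = ('{"eth-apis": ["eth", "eth-filter", "net", "web3", "internal-eth", '
         '"internal-blockchain", "internal-transaction", "internal-tx-pool"]}')

if __name__ == "__main__":
    for label, doc in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_chain_config(doc, label) or "OK")
```

Run audit_config_dir(Path("avalanchego/configs/chains")) from CI and fail the job when the returned list is non-empty.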
Copilot AI changed the title from "[WIP] [Security][High] Disable debug-tracer API in archive node configurations" to "security: disable debug-tracer API in archive node chain configs" Mar 13, 2026
Copilot AI requested a review from numbers-official March 13, 2026 07:11
Development

Successfully merging this pull request may close these issues.

[Security][High] Disable debug-tracer API in archive node chain configurations