From a792ea23aff695994814194704b345e26f1d92a9 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 10:50:49 +0000
Subject: [PATCH 1/2] Initial plan


From b6406e7ece537b300ff51c8aa14f59e5de4d5b9f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 10:54:45 +0000
Subject: [PATCH 2/2] Fix security issues: remove Asana URLs, update http-host
 recommendations, deconflict genesis chain IDs

Co-authored-by: numbers-official <181934381+numbers-official@users.noreply.github.com>
---
 README.md                                     | 19 ++++++++-----------
 .../genesis-nativecoin-feemgr-feerecv.json    |  2 +-
 genesis/genesis-nativecoin-feemgr.json        |  2 +-
 genesis/genesis.json                          |  2 +-
 ...subnet-cli-add-subnet-validator-mainnet.sh |  2 +-
 ...subnet-cli-add-subnet-validator-testnet.sh |  2 +-
 6 files changed, 13 insertions(+), 16 deletions(-)

diff --git a/README.md b/README.md
index c207e4b..7600619 100644
--- a/README.md
+++ b/README.md
@@ -284,17 +284,14 @@ waiting for validator 8CGJYaRLChC79CCRnvd7sh5eB9E9L9dVF to start validating GBEw
 ```
 </details>
 
-Launch validator. When running `avalanchego`, add
-
-* `-—http-host=0.0.0.0`: Make MetaMask can access the RPC URL
-* `--http-allowed-hosts="*"`: Allow traffic from the RPC node (since v1.10.3)
+Launch validator. When running `avalanchego`, use `--http-host=127.0.0.1` (default) to restrict the RPC to localhost, and expose it externally via a reverse proxy such as nginx. If direct external access is required, set `--http-host=0.0.0.0` and restrict `--http-allowed-hosts` to specific trusted domain names instead of using a wildcard, to preserve DNS rebinding protection (introduced in v1.10.3).
 
 ```sh
 ./avalanchego \
     --track-subnets=81vK49Udih5qmEzU7opx3Zg9AnB33F2oqUTQKuaoWgCvFUWQe\
     --network-id=fuji \
-    --http-host=0.0.0.0 \
-    --http-allowed-hosts="*" \
+    --http-host=127.0.0.1 \
+    --http-allowed-hosts="<your-rpc-domain.example.com>" \
     --public-ip=<node-public-ip>
 ```
 
@@ -342,7 +339,7 @@ Before validation staking expires, any wallet can not stake to a validator again
 
 Validator version distributions: [mainnet](https://explorer-xp.avax.network/validators), [testnet](https://explorer-xp.avax-test.network/validators)
 
-[Renew Numbers Validators](https://app.asana.com/0/1202305127727547/1202919355642524/f) (internal task)
+Renew Numbers Validators (see internal task tracker)
 
 ## Import Existing L1 in Avalanche CLI
 
@@ -908,9 +905,9 @@ Make a Full Node instance to be an Archive Node instance:
 
     ./avalanchego \
         --track-subnets=${SUBNET_MAINNET} \
-        --http-host=0.0.0.0 \
+        --http-host=127.0.0.1 \
         --public-ip=<node-public-ip> \
-        --http-allowed-hosts="*"
+        --http-allowed-hosts="<your-rpc-domain.example.com>"
     ```
 
     Run an archive node for testnet
@@ -923,9 +920,9 @@ Make a Full Node instance to be an Archive Node instance:
 
     ./avalanchego \
         --track-subnets=${SUBNET_MAINNET} \
-        --http-host=0.0.0.0 \
+        --http-host=127.0.0.1 \
         --public-ip=<node-public-ip> \
-        --http-allowed-hosts="*"
+        --http-allowed-hosts="<your-rpc-domain.example.com>"
     ```
 
 1. (optional) Test an Archive Node
diff --git a/genesis/genesis-nativecoin-feemgr-feerecv.json b/genesis/genesis-nativecoin-feemgr-feerecv.json
index af6ed96..3188e06 100644
--- a/genesis/genesis-nativecoin-feemgr-feerecv.json
+++ b/genesis/genesis-nativecoin-feemgr-feerecv.json
@@ -1,6 +1,6 @@
 {
   "config": {
-    "chainId": 10508,
+    "chainId": 99999,
     "homesteadBlock": 0,
     "eip150Block": 0,
     "eip150Hash": "0x2086799aeebeae135c246c65021c82b4e15a2c451340993aacfd2751886514f0",
diff --git a/genesis/genesis-nativecoin-feemgr.json b/genesis/genesis-nativecoin-feemgr.json
index 9e94914..e0ada39 100644
--- a/genesis/genesis-nativecoin-feemgr.json
+++ b/genesis/genesis-nativecoin-feemgr.json
@@ -1,6 +1,6 @@
 {
   "config": {
-    "chainId": 10508,
+    "chainId": 99999,
     "homesteadBlock": 0,
     "eip150Block": 0,
     "eip150Hash": "0x2086799aeebeae135c246c65021c82b4e15a2c451340993aacfd2751886514f0",
diff --git a/genesis/genesis.json b/genesis/genesis.json
index a060304..22264e4 100644
--- a/genesis/genesis.json
+++ b/genesis/genesis.json
@@ -1,6 +1,6 @@
 {
   "config": {
-    "chainId": 10508,
+    "chainId": 99999,
     "homesteadBlock": 0,
     "eip150Block": 0,
     "eip150Hash": "0x2086799aeebeae135c246c65021c82b4e15a2c451340993aacfd2751886514f0",
diff --git a/subnet-cli/subnet-cli-add-subnet-validator-mainnet.sh b/subnet-cli/subnet-cli-add-subnet-validator-mainnet.sh
index 3c12b5d..3106760 100755
--- a/subnet-cli/subnet-cli-add-subnet-validator-mainnet.sh
+++ b/subnet-cli/subnet-cli-add-subnet-validator-mainnet.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Validator ID source: https://app.asana.com/0/1202305127727547/1202919355642524/f
+# Validator ID source: see internal task tracker
 
 NODE_ID="NodeID-BXTBUqX8gitUDtVam4fhRWGD1SfeHGoBx"
 SUBNET_ID="2gHgAgyDHQv7jzFg6MxU2yyKq5NZBpwFLFeP8xX2E3gyK1SzSQ"
diff --git a/subnet-cli/subnet-cli-add-subnet-validator-testnet.sh b/subnet-cli/subnet-cli-add-subnet-validator-testnet.sh
index e1abefd..b13327c 100755
--- a/subnet-cli/subnet-cli-add-subnet-validator-testnet.sh
+++ b/subnet-cli/subnet-cli-add-subnet-validator-testnet.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# Validator ID source: https://app.asana.com/0/1202305127727547/1202919355642524/f
+# Validator ID source: see internal task tracker
 
 NODE_ID="NodeID-A2Z8m7egVLhKf1Qj14uvXadhExM5zrB7p"
 SUBNET_ID="81vK49Udih5qmEzU7opx3Zg9AnB33F2oqUTQKuaoWgCvFUWQe"