Location: docs/threat-model.md:Open Security Issues / GH#1876
Description:
The repository explicitly records a leaked Supabase service_role key in git history for a prolonged period. A service_role key bypasses Row Level Security and grants privileged database/API operations.
Root Cause:
Secret material was committed to version control and remained accessible in history long enough to be harvested.
Exploit Scenario:
- Attacker scans public git history, forks, mirrors, or leaked CI logs.
- Attacker extracts the exposed
service_role key.
- Attacker performs privileged read/write operations (e.g., tampering market metadata, internal admin tables, jobs, abuse protections, or operational controls).
Impact:
Full backend data-plane compromise and potential on-chain impact through manipulated off-chain orchestration/signaling.
Recommended Fix:
- Rotate/revoke all exposed keys immediately (not only current env values, but all potentially derived/related credentials).
- Validate no stale deployments still use compromised secrets.
- Migrate to managed secret stores + pre-commit secret scanning + server-side push protection.
- Treat historical exposure as incident response: log review, anomaly analysis, and scope confirmation.
Location:
docs/threat-model.md:Open Security Issues / GH#1876Description:
The repository explicitly records a leaked Supabase
service_rolekey in git history for a prolonged period. Aservice_rolekey bypasses Row Level Security and grants privileged database/API operations.Root Cause:
Secret material was committed to version control and remained accessible in history long enough to be harvested.
Exploit Scenario:
service_rolekey.Impact:
Full backend data-plane compromise and potential on-chain impact through manipulated off-chain orchestration/signaling.
Recommended Fix: