Autopudate#109
Code Review
This pull request simplifies peer discovery in cmd/sam-node/node.go by removing manual relay address construction and instead logging and saving the advertised addresses directly to the peerstore. In cmd/sam-hub/main.go, the addition of libp2p.EnableRelayService() is flagged as a security risk and redundant because a custom relay service with ACL is already instantiated elsewhere in the codebase.
| libp2p.ConnectionManager(cm), | ||
| libp2p.EnableRelayService(), | ||
| libp2p.EnableAutoNATv2(), |
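Review bot: libp2p.EnableRelayService() on the middle line is called with no arguments, so the relay it starts runs with default options and no ACL filter. If the hub already builds its relay with relay.New(h, relay.WithACL(&relayACL{hub: hub})), as the review comment on this hunk states, drop this option so that the ACL-guarded instance is the only relay service on the host. If a host option is preferred instead, pass the ACL into it (EnableRelayService accepts relay options) and remove the manual relay.New call, so exactly one relay is running either way.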
The addition of libp2p.EnableRelayService() here is redundant and introduces a security risk.

1. Redundancy & Conflicts: A custom relay service is already manually instantiated and configured with an ACL at line 272 (relay.New(h, relay.WithACL(&relayACL{hub: hub}))). Enabling it here via libp2p.Option will instantiate a second relay service instance with default options.
2. Security Risk: The default relay service instantiated by libp2p.EnableRelayService() does not enforce the custom relayACL (which requires peer authentication). This could allow unauthorized peers to use the hub as a relay, bypassing your security policies.

Please remove this option and rely solely on the manual instantiation at line 272.
| libp2p.ConnectionManager(cm), | |
| libp2p.EnableRelayService(), | |
| libp2p.EnableAutoNATv2(), | |
| libp2p.ConnectionManager(cm), | |
| libp2p.EnableAutoNATv2(), |
No description provided.