Bug: Proof hash verification not implemented in validate_response()
Severity: High (Security/Anti-Spoof)
File: src/anti_spoof/mutating_challenge.py, validate_response() (line 391)
Description:
MutatingResponse.compute_proof() performs iterated SHA-256 hashing (using hash_rounds from mutation params), but validate_response() never verifies the proof hash. The comment says # In production, we'd recompute and verify but the check is absent.
This means any emulator can submit a random proof_hash and it will be accepted, completely bypassing the proof-of-work component of the challenge.
Reproduction:
# Emulator submits response with garbage proof_hash:
response = MutatingResponse(proof_hash=b'\x00' * 32, ...)
# validate_response() never checks proof_hash — accepts it anyway
Impact:
- Proof-of-work component of anti-spoof challenges is completely bypassed
- Emulators only need to fake timing/thermal/serial data (which they can calibrate)
- Missing verification undermines the iterated hashing security model
Expected Fix:
Recompute the proof hash from response data and compare against response.proof_hash.
Bug: Proof hash verification not implemented in validate_response()
Severity: High (Security/Anti-Spoof)
File:
src/anti_spoof/mutating_challenge.py,validate_response()(line 391)Description:
MutatingResponse.compute_proof()performs iterated SHA-256 hashing (usinghash_roundsfrom mutation params), butvalidate_response()never verifies the proof hash. The comment says# In production, we'd recompute and verifybut the check is absent.This means any emulator can submit a random
proof_hashand it will be accepted, completely bypassing the proof-of-work component of the challenge.Reproduction:
Impact:
Expected Fix:
Recompute the proof hash from response data and compare against
response.proof_hash.