The repository currently tracks settings/Mainnet.toml, which contains deployer wallet material that should not be stored in source control.
Evidence:
- settings/Mainnet.toml is committed in the repo and used by the helper scripts to derive private keys.
- The file is intended to supply production credentials for script execution.
Impact:
- Anyone with access to the repository can recover the deployment wallet material.
- If those credentials are real, they must be rotated immediately.
Reproduction:
- Open settings/Mainnet.toml in the repository.
- The deployer wallet material is present in plain text.
Priority: Critical
Suggested scope:
Remove production credentials from the repository, rotate any exposed keys, and replace them with safe local-only documentation or templates.
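
A sketch of the suggested scope as a shell helper, added here as an example and not taken from the repository's own scripts. Only the path settings/Mainnet.toml comes from this issue; the function names, the `--check` argument and the template file name are assumptions. It leaves history untouched, so the last function shows why untracking alone is not enough and the keys still need rotating.

```shell
#!/usr/bin/env bash
# Added example: untrack settings/Mainnet.toml and guard against re-adding it.
SECRET_FILE="settings/Mainnet.toml"          # path named in the issue
TEMPLATE="settings/Mainnet.toml.example"     # hypothetical template name

# Return 0 only if the file is absent from the index AND matched by an ignore rule.
secret_file_is_safe() {
  local repo="$1"
  if git -C "$repo" ls-files --error-unmatch -- "$SECRET_FILE" >/dev/null 2>&1; then
    echo "FAIL: $SECRET_FILE is tracked" >&2
    return 1
  fi
  if ! git -C "$repo" check-ignore -q -- "$SECRET_FILE"; then
    echo "FAIL: $SECRET_FILE is not ignored" >&2
    return 1
  fi
  return 0
}

# Stop tracking the file (the local copy stays on disk), ignore it,
# and stage a template that holds no real values.
untrack_secret_file() {
  local repo="$1"
  git -C "$repo" rm --cached --quiet --ignore-unmatch -- "$SECRET_FILE" || return 1
  grep -qxF "$SECRET_FILE" "$repo/.gitignore" 2>/dev/null \
    || printf '%s\n' "$SECRET_FILE" >> "$repo/.gitignore"
  if [ ! -e "$repo/$TEMPLATE" ]; then
    mkdir -p "$repo/settings"
    printf '%s\n' "# Copy to $SECRET_FILE locally and fill in. Never commit the copy." \
      > "$repo/$TEMPLATE"
  fi
  git -C "$repo" add -- .gitignore "$TEMPLATE"
}

# Return 0 if any commit on any ref ever touched the file. This stays true
# after untracking, which is why exposed keys must be rotated regardless.
secret_in_history() {
  local repo="$1"
  [ -n "$(git -C "$repo" log --all --format=%H -- "$SECRET_FILE")" ]
}

# Optional CI entry point: `script.sh --check [repo]` fails the job if unsafe.
if [ "${1:-}" = "--check" ]; then
  secret_file_is_safe "${2:-.}"
fi
```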