Refs #44
File: crates/charon-executor/src/submit.rs (Submitter::connect)
Problem
connect() rejects malformed URLs but does not validate scheme. An operator who sets BSC_PRIVATE_RPC_URL to http://... (instead of https://) causes signed transaction bytes to traverse the network unencrypted. MEV searchers running mitm-friendly network paths can extract the signed envelope, recover sender + nonce + calldata, and front-run.
Impact
Signed liquidation envelopes leak in plaintext. Equivalent to public-mempool broadcast plus signature exposure.
Fix
In connect(), assert url.scheme() == "https" or "wss" and return SubmitError::InsecureScheme otherwise. Add unit test covering http://, ws://, ftp://, and missing scheme.
Refs #44
File: crates/charon-executor/src/submit.rs (Submitter::connect)
Problem
connect() rejects malformed URLs but does not validate scheme. An operator who sets BSC_PRIVATE_RPC_URL to http://... (instead of https://) causes signed transaction bytes to traverse the network unencrypted. MEV searchers running mitm-friendly network paths can extract the signed envelope, recover sender + nonce + calldata, and front-run.
Impact
Signed liquidation envelopes leak in plaintext. Equivalent to public-mempool broadcast plus signature exposure.
Fix
In connect(), assert url.scheme() == "https" or "wss" and return SubmitError::InsecureScheme otherwise. Add unit test covering http://, ws://, ftp://, and missing scheme.