flashbots
diff --git a/‎Makefile‎
Lines changed: 9 additions & 0 deletions b/‎Makefile‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 13 additions & 4 deletions b/‎README.md‎
Lines changed: 13 additions & 4 deletions
diff --git a/‎cmd/demo-gateway/main.go‎
Lines changed: 33 additions & 6 deletions b/‎cmd/demo-gateway/main.go‎
Lines changed: 33 additions & 6 deletions
diff --git a/‎cmd/doc.go‎
Lines changed: 3 additions & 3 deletions b/‎cmd/doc.go‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎crypto/blinding_fuzz_test.go‎
Lines changed: 140 additions & 0 deletions b/‎crypto/blinding_fuzz_test.go‎
Lines changed: 140 additions & 0 deletions
@@ -29,6 +29,15 @@ test:
 test-race:
 	go test -race ./...
 
+FUZZTIME ?= 10s
+
+.PHONY: test-fuzz
+test-fuzz:
+	@for fuzz in $$(grep -r "^func Fuzz" ./crypto/*_test.go | sed 's/.*\(Fuzz[a-zA-Z]*\).*/\1/'); do \
+		echo "Running $$fuzz..."; \
+		go test -fuzz=$$fuzz -fuzztime=$(FUZZTIME) ./crypto || exit 1; \
+	done
+
 .PHONY: lint
 lint:
 	gofmt -d -s .
 
@@ -101,16 +101,25 @@ protocol:
 
 ### Running the Demo
 
-The demo orchestrator runs a complete local deployment:
+The local deployment script runs a complete network using multiservice:
 
 ```bash
-go run ./services/demo \
+./deploy_local.sh \
   --clients=10 \
   --aggregators=2 \
   --servers=5 \
   --round=10s \
-  --msg-length=512000 \
-  --admin-token="admin:secret"
+  --msg-length=512000
+```
+
+Use the CLI to interact with the deployed network:
+
+```bash
+# Send a message
+go run ./cmd/demo-cli send -r http://localhost:7999 -m "Hello" -b 100 --skip-verification
+
+# Monitor rounds
+go run ./cmd/demo-cli monitor -r http://localhost:7999 --follow --skip-verification
 ```
 
 ## Running Standalone Services
 
@@ -10,6 +10,8 @@ import (
 	"net/http"
 	"os"
 	"os/signal"
+	"path/filepath"
+	"strings"
 	"sync"
 	"syscall"
 	"time"
@@ -30,6 +32,7 @@ func main() {
 		staticDir        = flag.String("static", "", "Directory for static files")
 		skipVerification = flag.Bool("skip-verification", false, "Skip attestation verification")
 		measurementsURL  = flag.String("measurements-url", "", "URL for allowed TEE measurements")
+		allowedOrigins   = flag.String("allowed-origins", "http://localhost:*", "Comma-separated list of allowed CORS origins (use * for all)")
 	)
 	flag.Parse()
 
@@ -43,11 +46,18 @@ func main() {
 		cancel()
 	}()
 
+	// Parse allowed origins
+	origins := strings.Split(*allowedOrigins, ",")
+	for i := range origins {
+		origins[i] = strings.TrimSpace(origins[i])
+	}
+
 	gateway := NewGateway(&GatewayConfig{
 		RegistryURL:      *registryURL,
 		SkipVerification: *skipVerification,
 		MeasurementsURL:  *measurementsURL,
 		StaticDir:        *staticDir,
+		AllowedOrigins:   origins,
 	})
 
 	go gateway.Start(ctx)
@@ -57,7 +67,7 @@ func main() {
 	r.Use(middleware.Recoverer)
 	r.Use(middleware.Timeout(30 * time.Second))
 	r.Use(cors.Handler(cors.Options{
-		AllowedOrigins:   []string{"*"},
+		AllowedOrigins:   gateway.config.AllowedOrigins,
 		AllowedMethods:   []string{"GET", "POST", "OPTIONS"},
 		AllowedHeaders:   []string{"Accept", "Content-Type"},
 		AllowCredentials: false,
@@ -96,6 +106,7 @@ type GatewayConfig struct {
 	SkipVerification bool
 	MeasurementsURL  string
 	StaticDir        string
+	AllowedOrigins   []string
 }
 
 // Gateway serves the demo API and website.
@@ -143,18 +154,34 @@ func (g *Gateway) RegisterRoutes(r chi.Router) {
 
 func (g *Gateway) registerStaticRoutes(r chi.Router) {
 	if g.config.StaticDir != "" {
-		fileServer := http.FileServer(http.Dir(g.config.StaticDir))
+		// Get absolute path of static directory for security validation
+		absStaticDir, err := filepath.Abs(g.config.StaticDir)
+		if err != nil {
+			fmt.Printf("Warning: could not resolve static dir: %v\n", err)
+			return
+		}
+
+		fileServer := http.FileServer(http.Dir(absStaticDir))
 		r.Handle("/*", http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
-			path := g.config.StaticDir + req.URL.Path
-			if _, err := os.Stat(path); os.IsNotExist(err) && req.URL.Path != "/" {
-				http.ServeFile(w, req, g.config.StaticDir+"/index.html")
+			// Clean and validate the path to prevent directory traversal
+			cleanPath := filepath.Clean(req.URL.Path)
+			fullPath := filepath.Join(absStaticDir, cleanPath)
+
+			// Ensure the resolved path is within the static directory
+			if !strings.HasPrefix(fullPath, absStaticDir) {
+				http.Error(w, "forbidden", http.StatusForbidden)
+				return
+			}
+
+			if _, err := os.Stat(fullPath); os.IsNotExist(err) && req.URL.Path != "/" {
+				http.ServeFile(w, req, filepath.Join(absStaticDir, "index.html"))
 				return
 			}
 			fileServer.ServeHTTP(w, req)
 		}))
 	} else {
 		r.Get("/", func(w http.ResponseWriter, req *http.Request) {
-			http.Error(w, "nothing to serve", 500)
+			http.Error(w, "nothing to serve", http.StatusInternalServerError)
 		})
 		r.Get("/favicon.svg", g.handleFavicon)
 	}
 
@@ -19,10 +19,10 @@
 //
 //	go run ./cmd/registry --addr=:8080 --admin-token=admin:secret
 //
-// demo: Local orchestrator that runs a complete ADCNet deployment in a single
-// process for testing and development.
+// demo-cli: CLI for interacting with a deployed ADCNet network.
 //
-//	go run ./services/demo --clients=10 --servers=3 --round=5s
+//	go run ./cmd/demo-cli send -r http://localhost:7999 -m "Hello" -b 100
+//	go run ./cmd/demo-cli monitor -r http://localhost:7999 --follow
 //
 // # HTTP Configuration Mode
 //
 
@@ -0,0 +1,140 @@
+package crypto
+
+import (
+	"bytes"
+	"testing"
+)
+
+func FuzzDeriveBlindingVector(f *testing.F) {
+	// Add seed corpus with various parameters
+	f.Add([]byte("shared-secret-1"), uint32(1), int32(10))
+	f.Add([]byte("shared-secret-2"), uint32(0), int32(1))
+	f.Add([]byte("shared-secret-3"), uint32(100), int32(50))
+
+	f.Fuzz(func(t *testing.T, secret []byte, round uint32, nEls int32) {
+		// Skip invalid inputs
+		if len(secret) == 0 || nEls <= 0 || nEls > 1000 {
+			t.Skip()
+		}
+
+		sharedSecrets := []SharedKey{secret}
+
+		result := DeriveBlindingVector(sharedSecrets, round, nEls, AuctionFieldOrder)
+
+		// Invariant 1: Output length matches nEls
+		if len(result) != int(nEls) {
+			t.Errorf("output length mismatch: got %d, want %d", len(result), nEls)
+		}
+
+		// Invariant 2: All elements are in valid field range
+		for i, el := range result {
+			if el == nil {
+				t.Errorf("element %d is nil", i)
+				continue
+			}
+			if el.Sign() < 0 {
+				t.Errorf("element %d is negative: %v", i, el)
+			}
+			if el.Cmp(AuctionFieldOrder) >= 0 {
+				t.Errorf("element %d >= fieldOrder: %v", i, el)
+			}
+		}
+
+		// Invariant 3: Determinism - same inputs produce same outputs
+		result2 := DeriveBlindingVector(sharedSecrets, round, nEls, AuctionFieldOrder)
+		for i := range result {
+			if result[i].Cmp(result2[i]) != 0 {
+				t.Errorf("non-deterministic: element %d differs on second call", i)
+			}
+		}
+
+		// Invariant 4: Different round produces different output (with high probability)
+		if round < ^uint32(0) {
+			result3 := DeriveBlindingVector(sharedSecrets, round+1, nEls, AuctionFieldOrder)
+			allSame := true
+			for i := range result {
+				if result[i].Cmp(result3[i]) != 0 {
+					allSame = false
+					break
+				}
+			}
+			if allSame && nEls > 0 {
+				t.Errorf("different rounds produced identical output")
+			}
+		}
+	})
+}
+
+func FuzzDeriveXorBlindingVector(f *testing.F) {
+	// Add seed corpus
+	f.Add([]byte("shared-secret-1"), uint32(1), 100)
+	f.Add([]byte("shared-secret-2"), uint32(0), 1)
+	f.Add([]byte("shared-secret-3"), uint32(100), 16) // AES block size
+	f.Add([]byte("shared-secret-4"), uint32(50), 17)  // Non-aligned
+
+	f.Fuzz(func(t *testing.T, secret []byte, round uint32, nBytes int) {
+		// Skip invalid inputs
+		if len(secret) == 0 || nBytes < 0 || nBytes > 10000 {
+			t.Skip()
+		}
+
+		sharedSecrets := []SharedKey{secret}
+
+		result := DeriveXorBlindingVector(sharedSecrets, round, nBytes)
+
+		// Invariant 1: Output length matches nBytes
+		if len(result) != nBytes {
+			t.Errorf("output length mismatch: got %d, want %d", len(result), nBytes)
+		}
+
+		// Invariant 2: Determinism
+		result2 := DeriveXorBlindingVector(sharedSecrets, round, nBytes)
+		if !bytes.Equal(result, result2) {
+			t.Errorf("non-deterministic output")
+		}
+
+		// Invariant 3: Different round produces different output
+		if nBytes > 0 && round < ^uint32(0) {
+			result3 := DeriveXorBlindingVector(sharedSecrets, round+1, nBytes)
+			if bytes.Equal(result, result3) {
+				t.Errorf("different rounds produced identical output")
+			}
+		}
+
+		// Invariant 4: Zero bytes returns empty slice
+		if nBytes == 0 && len(result) != 0 {
+			t.Errorf("zero nBytes should return empty slice")
+		}
+	})
+}
+
+func FuzzXorBlindingRoundTrip(f *testing.F) {
+	f.Add([]byte("secret1"), []byte("secret2"), uint32(5), 100)
+
+	f.Fuzz(func(t *testing.T, secret1, secret2 []byte, round uint32, nBytes int) {
+		if len(secret1) == 0 || len(secret2) == 0 || nBytes <= 0 || nBytes > 1000 {
+			t.Skip()
+		}
+
+		secrets := []SharedKey{secret1, secret2}
+
+		// XOR blinding should be self-inverse when applied twice
+		blinding := DeriveXorBlindingVector(secrets, round, nBytes)
+		data := make([]byte, nBytes)
+		for i := range data {
+			data[i] = byte(i % 256)
+		}
+		original := make([]byte, nBytes)
+		copy(original, data)
+
+		// Apply blinding
+		XorInplace(data, blinding)
+
+		// Apply again (should restore original)
+		XorInplace(data, blinding)
+
+		if !bytes.Equal(data, original) {
+			t.Errorf("XOR round trip failed")
+		}
+	})
+}