It’s been reported by the security audit team and others that some of you have exposed the Celo node RPC port (8545) to the public and this can be exploited in order to:
- Acquire information about the node
- Break it out of SYNC / break the local chain database
- Steal funds
This is a common issue known on Ethereum. Take caution on what ports you’re publishing. RPC ports (8545/8546) should be closed to inbound from the internet. ie. an explicit drop rule or a default deny and allow only the ports/IPs that are in use.
Please check your configurations and immediately CLOSE THESE PORTS.
Note that if you are completing the Master Validator Challenge confirming these are blocked is part of the security audit walkthrough.