đ Cloudflare Pages Security Audit
đ¨ CRITICAL SECURITY ISSUES FOUND
- Hardcoded Password Exposed:
crashbot2026in crash-bot production deployment - Private Key Storage: Application stores wallet private keys in browser localStorage
- Weak Authentication: Client-side password validation (easily bypassable)
- Public Program ID:
DEALERKFspSo5RoXNnKAhRPhTcvJeqeEgAgZsNSjCx5E
5
Total Projects
36
Total Deployments
3
Critical Issues
100%
Audit Coverage
đ° crash-bot CRITICAL
Purpose: Multi-wallet Solana crash betting bot control panel
Last Update: 2026-03-12 04:01:51 UTC
Deployments: 11 total
URL: https://crash-bot.pages.dev
Security Issues:
// EXPOSED IN CLIENT-SIDE JAVASCRIPT:
const PASSWORD = 'crashbot2026';
const PROGRAM_ID = 'DEALERKFspSo5RoXNnKAhRPhTcvJeqeEgAgZsNSjCx5E';
// Private key storage in wallet objects:
wallets: [{
id: 1,
address: '',
privateKey: '', // â STORED IN BROWSER!
multiplier: 2.0,
betAmount: 0.01
}]
đšī¸ solana-arcade SAFE
Purpose: SolFun Time retro arcade gaming platform
Last Update: 2026-03-11 00:35:07 UTC
Deployments: 25 total
URL: https://solana-arcade.pages.dev
â Key Discovery:
Found AGENT.md file on c3608b89 deployment (28KB)
đ crash-analytics SAFE
Purpose: DegenCoinFlip strategy dashboard
Last Update: 2026-03-11 03:41:40 UTC
đ¨ solfuntime-marketing SAFE
Purpose: Marketing landing page
đĄī¸ IMMEDIATE ACTIONS REQUIRED
- Change crash-bot Password: Current password "crashbot2026" is publicly exposed
- Remove Private Key Storage: Never store private keys in browser
- Implement Server-Side Auth: Move auth to Cloudflare Workers
- Audit API Keys: Check for embedded RPC keys
- Add Rate Limiting: Protect with Cloudflare Access