Seems like the terminal client has a hard coded key. Is the client using that to check that against the one sent from the coordinator?
No match, no mix?
Discussion
Yes they have hardcoded a key in terminal. This introduces another vulnerability. I will add the details in the bitcointalk post.
its not a vulnerability if they're modulating the hardcoded key per CJ round correct?
as nostr:nprofile1qqsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qpz9mhxue69uhkummnw3ezuamfdejj7nxasma suggested on original vulnerability disclosure post Jan 7th?
either way, the server CANNOT give clients a unique key for identification.