Hi,

I would like to add my bitsong validator. since the migration from 1 -> 2 has taken place, all the docs are out of date I think?

Should I still generate a gentx json file and make a PR here. If so: In what directory should I place it? bitsong-1, bitsong-2, bitsong2b?

If there is another way, what is the correct method to enrol as a new validator?

Kind regards.

i submitted Gentx at the other repo atleast you could have added it

LIST OF BUGS I FOUND FROM 104.21.7.58 / testnet.sinfonia.zone
Device for Testing : Macbook M1 Pro
Tool : Openvas and NMAP

1. TCP Port Opened ( scanned by nmap 104.21.7.58 )
   List port opened : 80,2052,443,2053,2082,2083,2086,2087,2095,8080,2096,8443,8880
   Level Bug : Medium
   Detail : An open port may be an expected configuration. For example, web servers use port 80 to serve websites over http and port 443 to serve websites over https. For a list of commonly used ports see https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers.
   An unexpected open port could give unintended access to applications, data, and private networks. Open ports can also be dangerous when expected services are out of date and exploited through security vulnerabilities.
   Solution : Close the port
2. Application Error Disclosure
   Link Issue : https://testnet.sinfonia.zone/assets/index.8e544d33.js
   Level Bug : Medium
   CWE Id : 200
   Detail : This page contains an error/warning message that may disclose sensitive information like the location of the file that produced the unhandled exception. This information can be used to launch further attacks against the web application. The alert could be a false positive if the error message is found inside a documentation page.
   Solution : Review the source code of this page. Implement custom error pages. Consider implementing a mechanism to provide a unique error reference/identifier to the client (browser) while logging the details on the server side and not exposing them to the user.
3. Cross Domain Missconfiguration
   Level bug : medium
   CWE id : 264
   Detail : Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server
   Solution : Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
   Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
   Reference : https://vulncat.fortify.com/en/detail?id=desc.config.dotnet.html5_overly_permissive_cors_policy
4. Missing Anti-clickjacking Header
   Level Bug : Medium
   CWE id : 1021
   Detail : The response does not include either Content-Security-Policy with 'frame-ancestors' directive or X-Frame-Options to protect against 'ClickJacking' attacks.
   Solution : Modern Web browsers support the Content-Security-Policy and X-Frame-Options HTTP headers. Ensure one of them is set on all web pages returned by your site/app.
   If you expect the page to be framed only by pages on your server (e.g. it's part of a FRAMESET) then you'll want to use SAMEORIGIN, otherwise if you never expect the page to be framed, you should use DENY. Alternatively consider implementing Content Security Policy's "frame-ancestors" directive.
   Reference : https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

more issue and bug on bitsong you can check here