Since the subnet owners have refused to make a responsible disclosure to the community or pay out a reasonable bounty, I am instead publishing this in the hopes that miners of the subnet can confirm that they have not been compromised and to give the community insights into the security practices and attitudes of the subnet owners.
Validators with more than 1024 TAO staked had the ability to execute arbitrary code on the miner's machine (RCE) via the Specs synapse using a subprocess call from python. There was no checks in place at all what on what could be ran or what could be returned. Anything from miner's hotkeys being exposed to installing malicous packages (potentially extracting cold keys) on hosts could have been possible.
The Specs synapse accepts app_data
from a validator that is dumped into a file and e