https://github.com/akash-network/support/issues/109

Clients Do Not Authenticate Provider Certificates #109

xloem opened this issue now

**Describe the bug**

The [current client peer certificate verification code](https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2f...) completely ignores the on-chain certificate and public key data, allowing a network adversary to provide a false certificate to any client.

**To Reproduce**

Note: I have not tested this, but it looks like you could generate a certificate with matching owner address and serial number to any active one on-chain, and offer it to a client in a machine-in-the-middle attack, and it would be accepted because the certificate is not sufficiently verified. All communications could be logged, and fake responses provided.

**Expected behavior**

It looks like the code should retrieve the certificate and public key fields from the QueryCertificatesResponse object and compare them with the data from the network [here](https://github.com/akash-network/provider/blob/44c85af39a56a43830efbdcbe7a2f...).

**Additional context**

I'm a crazy old software developer and I [spammed a mailing list about this issue](https://lists.cpunks.org/pipermail/cypherpunks/2023-July/115544.html).
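
An added example of the comparison the issue asks for, not code from the issue or from the Akash project: the peer certificate is accepted only when its raw bytes and public key equal an on-chain record, so a certificate that merely reuses the owner name and serial number fails. `OnChainRecord`, `VerifyAgainstChain` and `newCert` are hypothetical names, the PEM encoding of the on-chain fields is an assumption, and the certificates are constructed test fixtures.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// OnChainRecord: hypothetical stand-in for the chain's cert and pubkey fields (PEM assumed).
type OnChainRecord struct{ CertPEM, PubKeyPEM []byte }

// VerifyAgainstChain accepts the peer only if its certificate bytes and key match the record.
func VerifyAgainstChain(peer *x509.Certificate, rec OnChainRecord) error {
	cb, _ := pem.Decode(rec.CertPEM)
	kb, _ := pem.Decode(rec.PubKeyPEM)
	if cb == nil || kb == nil {
		return errors.New("on-chain record is not valid PEM")
	}
	if !bytes.Equal(peer.Raw, cb.Bytes) || !bytes.Equal(peer.RawSubjectPublicKeyInfo, kb.Bytes) {
		return errors.New("peer certificate or public key differs from on-chain record")
	}
	return nil
}

// newCert builds a constructed self-signed test certificate and the record describing it.
func newCert(owner string, serial int64) (*x509.Certificate, OnChainRecord) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: owner}, NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	enc := func(t string, b []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: t, Bytes: b}) }
	return cert, OnChainRecord{CertPEM: enc("CERTIFICATE", der), PubKeyPEM: enc("PUBLIC KEY", cert.RawSubjectPublicKeyInfo)}
}

func main() {
	genuine, rec := newCert("akash1exampleowner", 42) // constructed owner and serial
	other, _ := newCert("akash1exampleowner", 42)     // same owner and serial, different key
	fmt.Println(VerifyAgainstChain(genuine, rec), VerifyAgainstChain(other, rec))
}
```

In a Go TLS client a check like this would typically run from the `VerifyPeerCertificate` callback of `tls.Config`, after the on-chain record has been fetched.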