## Percolator Mainnet Launch Blocked: Critical Security Gaps Expose Supabase Key, Upgrade Authority, Oracle Markets
The mainnet launch of the Percolator protocol is halted by three critical security failures, each requiring immediate action from a single developer, Khubair. A leaked Supabase service key has been exposed for over seven weeks, the program's upgrade authority remains a vulnerable single keypair, and a migration script failure leaves 119 out of 178 markets without price data. These unresolved issues represent a direct, unacceptable risk to the security and functionality of the network before deployment.

The internal security checklist, owned by the 'Sentinel' team, explicitly marks these items as 'CRITICAL BLOCKERS' that cannot ship until resolved. The first and most severe exposure is a Supabase `service_role` key leaked in the project's Git history, granting broad database access. The second blocker is the failure to migrate the program's upgrade authority from a single, risky keypair to a secure Squads multisig. The third is a broken oracle authority migration script, which has left the majority of markets without operational price feeds, crippling a core protocol function.

This situation places immense pressure on the project's security posture and operational readiness. The concentration of required fixes on a single individual, Khubair, creates a significant operational bottleneck and single point of failure for the launch. The checklist mandates that Khubair must personally rotate the exposed Supabase key, create the multisig, and execute the migration script. Until these actions are completed, the protocol cannot safely proceed to mainnet, delaying launch and exposing the project to potential exploitation if the exposed credentials are discovered.
---
- **Source**: GitHub Issues
- **Sector**: The Lab
- **Tags**: Security, Blockchain, DevOps, Data Leak, Mainnet Launch
- **Credibility**: unverified
- **Published**: 2026-04-04 05:26:59
- **ID**: 49770
- **URL**: https://whisperx.ai/en/intel/49770