verticalcoin · DerUntote · Jun 11, 2026
diff --git a/.jules/sentinel.md b/.jules/sentinel.md
@@ -0,0 +1,5 @@
+
+## 2026-06-11 - Fix Internal Error Details Leak
+**Vulnerability:** The tipbot modules were leaking internal RPC errors (like internal daemons network issues, insufficient funds error details, daemon failures) directly to Discord users via `message.reply(err.message)`. This poses a security risk as it exposes the bot's internal architecture, connection states, and node infrastructure details to untrusted public channels.
+**Learning:** Returning `err.message` directly from infrastructure connections (like `bitcoind-rpc`) to external users is risky. Always decouple internal error contexts from user-facing error messages.
+**Prevention:** Instead of directly replying with `err.message`, internal errors should be logged using `console.error(err)` for debugging, and a generic, sanitized message like "An error occurred while processing your request." should be sent to the user.
diff --git a/bot/modules/bot-uptime.js b/bot/modules/bot-uptime.js
@@ -6,20 +6,20 @@ exports.commands = ['uptime'];
 exports.uptime = {
   usage: '',
   description: 'gets Uptime for Bot',
-  process: function(bot, msg, suffix) {
+  process: function (bot, msg, suffix) {
     if (suffix != pm2Name) {
       return;
     }
     msg.channel.send(
       'i have been Online for ' +
-      Math.round(bot.uptime / (1000 * 60 * 60 * 24)) +
-      ' days, ' +
-      Math.round(bot.uptime / (1000 * 60 * 60)) +
-      ' hours, ' +
-      Math.round(bot.uptime / (1000 * 60)) % 60 +
-      ' minutes, and ' +
-      Math.round(bot.uptime / 1000) % 60 +
-      ' seconds'
+        Math.round(bot.uptime / (1000 * 60 * 60 * 24)) +
+        ' days, ' +
+        Math.round(bot.uptime / (1000 * 60 * 60)) +
+        ' hours, ' +
+        (Math.round(bot.uptime / (1000 * 60)) % 60) +
+        ' minutes, and ' +
+        (Math.round(bot.uptime / 1000) % 60) +
+        ' seconds',
     );
-  }
+  },
 };
diff --git a/bot/modules/dogeTipper.js b/bot/modules/dogeTipper.js
@@ -158,7 +158,10 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       doge.sendFrom(tipper, address, Number(amount), function (err, txId) {
         if (err) {
-          message.reply(err.message).then((message) => message.delete(10000));
+          console.error(err);
+          message
+            .reply('An error occurred while processing your request.')
+            .then((m) => m.delete(10000).catch(() => {}));
         } else {
           message.channel.send({
             embed: {
@@ -263,7 +266,10 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendDOGE(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function (err, address) {
     if (err) {
-      message.reply(err.message).then((message) => message.delete(10000));
+      console.error(err);
+      message
+        .reply('An error occurred while processing your request.')
+        .then((m) => m.delete(10000).catch(() => {}));
     } else {
       doge.sendFrom(
         tipper,
@@ -274,7 +280,10 @@ function sendDOGE(bot, message, tipper, recipient, amount, privacyFlag) {
         null,
         function (err, txId) {
           if (err) {
-            message.reply(err.message).then((message) => message.delete(10000));
+            console.error(err);
+            message
+              .reply('An error occurred while processing your request.')
+              .then((m) => m.delete(10000).catch(() => {}));
           } else {
             if (privacyFlag) {
               let userProfile = message.guild.members.get(recipient); // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;

diff --git a/bot/modules/exampleTipper.js b/bot/modules/exampleTipper.js
@@ -143,7 +143,7 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       ltc.sendFrom(tipper, address, Number(amount), function(err, txId) {
         if (err) {
-          message.reply(err.message).then(message => message.delete(10000));
+          console.error(err); message.reply("An error occurred while processing your request.").then((m) => m.delete(10000).catch(() => {}));
         } else {
         message.channel.send({embed:{
         title: '**:outbox_tray::money_with_wings::moneybag:Litecoin (LTC) Transaction Completed!:moneybag::money_with_wings::outbox_tray:**',
@@ -228,11 +228,11 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendLTC(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function(err, address) {
     if (err) {
-      message.reply(err.message).then(message => message.delete(10000));
+      console.error(err); message.reply("An error occurred while processing your request.").then((m) => m.delete(10000).catch(() => {}));
     } else {
           ltc.sendFrom(tipper, address, Number(amount), 1, null, null, function(err, txId) {
               if (err) {
-                message.reply(err.message).then(message => message.delete(10000));
+                console.error(err); message.reply("An error occurred while processing your request.").then((m) => m.delete(10000).catch(() => {}));
               } else {
                 if (privacyFlag) {
                   let userProfile = message.guild.members.get(recipient) // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;

diff --git a/bot/modules/ftcTipper.js b/bot/modules/ftcTipper.js
@@ -158,7 +158,10 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       ftc.sendFrom(tipper, address, Number(amount), function (err, txId) {
         if (err) {
-          message.reply(err.message).then((message) => message.delete(10000));
+          console.error(err);
+          message
+            .reply('An error occurred while processing your request.')
+            .then((m) => m.delete(10000).catch(() => {}));
         } else {
           message.channel.send({
             embed: {
@@ -263,7 +266,10 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendFTC(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function (err, address) {
     if (err) {
-      message.reply(err.message).then((message) => message.delete(10000));
+      console.error(err);
+      message
+        .reply('An error occurred while processing your request.')
+        .then((m) => m.delete(10000).catch(() => {}));
     } else {
       ftc.sendFrom(
         tipper,
@@ -274,7 +280,10 @@ function sendFTC(bot, message, tipper, recipient, amount, privacyFlag) {
         null,
         function (err, txId) {
           if (err) {
-            message.reply(err.message).then((message) => message.delete(10000));
+            console.error(err);
+            message
+              .reply('An error occurred while processing your request.')
+              .then((m) => m.delete(10000).catch(() => {}));
           } else {
             if (privacyFlag) {
               let userProfile = message.guild.members.get(recipient); // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;

diff --git a/bot/modules/helpTipper.js b/bot/modules/helpTipper.js
@@ -11,27 +11,41 @@ exports.commands = ['tiphelp'];
 exports.tiphelp = {
   usage: '<subcommand>',
   description: 'This commands has been changed to currency specific commands!',
-  process: function(bot, message) {
+  process: function (bot, message) {
     message.author.send(
-      '__**Ravencoin (RVN) Tipper**__\nTransaction Fees: **' + ravenFee + '**\n    **!tiprvn balance** : get your balance\n    **!tiprvn deposit** : get address for your deposits\n    **!tiprvn withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tiprvn <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tiprvn private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**Ravencoin (RVN) Tipper**__\nTransaction Fees: **' +
+        ravenFee +
+        '**\n    **!tiprvn balance** : get your balance\n    **!tiprvn deposit** : get address for your deposits\n    **!tiprvn withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tiprvn <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tiprvn private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**Dogecoin (DOGE) Tipper**__\nTransaction Fees: **' + dogeFee + '**\n    **!tipdoge balance** : get your balance\n    **!tipdoge deposit** : get address for your deposits\n    **!tipdoge withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipdoge <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipdoge private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**Dogecoin (DOGE) Tipper**__\nTransaction Fees: **' +
+        dogeFee +
+        '**\n    **!tipdoge balance** : get your balance\n    **!tipdoge deposit** : get address for your deposits\n    **!tipdoge withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipdoge <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipdoge private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**LBRY Credit (LBC) Tipper**__\nTransaction Fees: **' + lbryFee + '**\n    **!tiplbc balance** : get your balance\n    **!tiplbc deposit** : get address for your deposits\n    **!tiplbc withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tiplbc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tiplbc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**LBRY Credit (LBC) Tipper**__\nTransaction Fees: **' +
+        lbryFee +
+        '**\n    **!tiplbc balance** : get your balance\n    **!tiplbc deposit** : get address for your deposits\n    **!tiplbc withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tiplbc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tiplbc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**Proton (PROTON) Tipper**__\nTransaction Fees: **' + protonFee + '**\n    **!tipproton balance** : get your balance\n    **!tipproton deposit** : get address for your deposits\n    **!tipproton withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipproton <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipproton private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**Proton (PROTON) Tipper**__\nTransaction Fees: **' +
+        protonFee +
+        '**\n    **!tipproton balance** : get your balance\n    **!tipproton deposit** : get address for your deposits\n    **!tipproton withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipproton <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipproton private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**Uniform Fiscal Object (UFO) Tipper**__\nTransaction Fees: **' + ufoFee + '**\n    **!tipufo balance** : get your balance\n    **!tipufo deposit** : get address for your deposits\n    **!tipufo withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipufo <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipufo private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**Uniform Fiscal Object (UFO) Tipper**__\nTransaction Fees: **' +
+        ufoFee +
+        '**\n    **!tipufo balance** : get your balance\n    **!tipufo deposit** : get address for your deposits\n    **!tipufo withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipufo <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipufo private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**Phoenixcoin (PXC) Tipper**__\nTransaction Fees: **' + phoenixFee + '**\n    **!tippxc balance** : get your balance\n    **!tippxc deposit** : get address for your deposits\n    **!tippxc withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tippxc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tippxc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n'
+      '__**Phoenixcoin (PXC) Tipper**__\nTransaction Fees: **' +
+        phoenixFee +
+        '**\n    **!tippxc balance** : get your balance\n    **!tippxc deposit** : get address for your deposits\n    **!tippxc withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tippxc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tippxc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n',
     );
     message.author.send(
-      '__**Feathercoin (FTC) Tipper**__\nTransaction Fees: **' + featherFee + '**\n    **!tipftc balance** : get your balance\n    **!tipftc deposit** : get address for your deposits\n    **!tipufo withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipftc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipftc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n\n    **<> : Replace with appropriate value.**'
+      '__**Feathercoin (FTC) Tipper**__\nTransaction Fees: **' +
+        featherFee +
+        '**\n    **!tipftc balance** : get your balance\n    **!tipftc deposit** : get address for your deposits\n    **!tipufo withdraw <ADDRESS> <AMOUNT>** : withdraw coins to specified address\n    **!tipftc <@user> <amount>** :mention a user with @ and then the amount to tip them\n    **!tipftc private <user> <amount>** : put private before Mentioning a user to tip them privately.\n\n    **<> : Replace with appropriate value.**',
     );
-  }
+  },
 };
diff --git a/bot/modules/lbcTipper.js b/bot/modules/lbcTipper.js
@@ -158,7 +158,10 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       lbc.sendFrom(tipper, address, Number(amount), function (err, txId) {
         if (err) {
-          message.reply(err.message).then((message) => message.delete(10000));
+          console.error(err);
+          message
+            .reply('An error occurred while processing your request.')
+            .then((m) => m.delete(10000).catch(() => {}));
         } else {
           message.channel.send({
             embed: {
@@ -263,7 +266,10 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendLBC(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function (err, address) {
     if (err) {
-      message.reply(err.message).then((message) => message.delete(10000));
+      console.error(err);
+      message
+        .reply('An error occurred while processing your request.')
+        .then((m) => m.delete(10000).catch(() => {}));
     } else {
       lbc.sendFrom(
         tipper,
@@ -274,7 +280,10 @@ function sendLBC(bot, message, tipper, recipient, amount, privacyFlag) {
         null,
         function (err, txId) {
           if (err) {
-            message.reply(err.message).then((message) => message.delete(10000));
+            console.error(err);
+            message
+              .reply('An error occurred while processing your request.')
+              .then((m) => m.delete(10000).catch(() => {}));
           } else {
             if (privacyFlag) {
               let userProfile = message.guild.members.get(recipient); // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;

diff --git a/bot/modules/protonTipper.js b/bot/modules/protonTipper.js
@@ -158,7 +158,10 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       proton.sendFrom(tipper, address, Number(amount), function (err, txId) {
         if (err) {
-          message.reply(err.message).then((message) => message.delete(10000));
+          console.error(err);
+          message
+            .reply('An error occurred while processing your request.')
+            .then((m) => m.delete(10000).catch(() => {}));
         } else {
           message.channel.send({
             embed: {
@@ -263,7 +266,10 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendPROTON(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function (err, address) {
     if (err) {
-      message.reply(err.message).then((message) => message.delete(10000));
+      console.error(err);
+      message
+        .reply('An error occurred while processing your request.')
+        .then((m) => m.delete(10000).catch(() => {}));
     } else {
       proton.sendFrom(
         tipper,
@@ -274,7 +280,10 @@ function sendPROTON(bot, message, tipper, recipient, amount, privacyFlag) {
         null,
         function (err, txId) {
           if (err) {
-            message.reply(err.message).then((message) => message.delete(10000));
+            console.error(err);
+            message
+              .reply('An error occurred while processing your request.')
+              .then((m) => m.delete(10000).catch(() => {}));
           } else {
             if (privacyFlag) {
               let userProfile = message.guild.members.get(recipient); // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;

diff --git a/bot/modules/pxcTipper.js b/bot/modules/pxcTipper.js
@@ -158,7 +158,10 @@ function doWithdraw(message, tipper, words, helpmsg) {
       }
       pxc.sendFrom(tipper, address, Number(amount), function (err, txId) {
         if (err) {
-          message.reply(err.message).then((message) => message.delete(10000));
+          console.error(err);
+          message
+            .reply('An error occurred while processing your request.')
+            .then((m) => m.delete(10000).catch(() => {}));
         } else {
           message.channel.send({
             embed: {
@@ -263,7 +266,10 @@ function doTip(bot, message, tipper, words, helpmsg) {
 function sendPXC(bot, message, tipper, recipient, amount, privacyFlag) {
   getAddress(recipient.toString(), function (err, address) {
     if (err) {
-      message.reply(err.message).then((message) => message.delete(10000));
+      console.error(err);
+      message
+        .reply('An error occurred while processing your request.')
+        .then((m) => m.delete(10000).catch(() => {}));
     } else {
       pxc.sendFrom(
         tipper,
@@ -274,7 +280,10 @@ function sendPXC(bot, message, tipper, recipient, amount, privacyFlag) {
         null,
         function (err, txId) {
           if (err) {
-            message.reply(err.message).then((message) => message.delete(10000));
+            console.error(err);
+            message
+              .reply('An error occurred while processing your request.')
+              .then((m) => m.delete(10000).catch(() => {}));
           } else {
             if (privacyFlag) {
               let userProfile = message.guild.members.get(recipient); // ⚡ Bolt: O(1) direct ID lookup vs O(N) linear search;