Critical-risk tools in Luxxon
3 of the 12 tools in Luxxon are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
cancel_sessionDestructiveCancel a pre-LIVE Luxxon session (REQUESTED or ASSIGNED). For LIVE sessions use end_session — this one will error with INVALID_STATE.
-
end_sessionFinancialEnd a LIVE Luxxon session. Closes the meter; computes cleanSeconds; the relayer settles on-chain shortly after. For pre-LIVE sessions use cancel_session instead.
-
request_live_viewFinancialOpen a Luxxon session at a lat/lng, push-dispatch the longest-idle operator in range, and wait for the operator to go LIVE. Returns the sessionId either way: if LIVE within time...
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.