Cryptocurrency wallet provider ZenGo has built a testnet to demonstrate a major security flaw prevalent among decentralized application (DApp) wallets.

On March 23, ZenGo published an article highlighting that, when authorizing a specific transaction, many DApp wallets actually grant access over all of that particular token stored in the connected wallet: 

“As a result, if the DApp is vulnerable to a security issue or is rogue to begin with, attackers can abuse these highly excessive privileges to steal ALL of the DApp’s users holdings (in the approved tokens) without any further user consent. They can do so at any point in the future, even if the user no longer uses the DApp.”
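The behaviour described above, as an added Python model (not ZenGo's code or the baDAPProve contract): it assumes the ERC-20 approve/allowance pattern, which the article does not name, and contrasts an "unlimited" approval, under which a rogue DApp can later move the user's whole balance with no further consent, with an exact-amount approval that caps the loss at what was authorized; the account names and amounts are constructed.

```python
"""Toy model of the token-approval pattern behind the baDAPProve demo.
Assumption: ERC-20 approve/allowance semantics (not named in the article)."""

from dataclasses import dataclass, field

MAX_UINT256 = 2**256 - 1  # the "unlimited" approval many DApp wallets request


@dataclass
class Token:
    balances: dict = field(default_factory=dict)
    allowances: dict = field(default_factory=dict)  # (owner, spender) -> amount

    def approve(self, owner, spender, amount):
        self.allowances[(owner, spender)] = amount

    def allowance(self, owner, spender):
        return self.allowances.get((owner, spender), 0)

    def transfer_from(self, spender, owner, to, amount):
        """A spender moves the owner's tokens, bounded only by the allowance."""
        if amount > self.balances.get(owner, 0):
            raise ValueError("insufficient balance")
        if amount > self.allowance(owner, spender):
            raise ValueError("insufficient allowance")
        self.allowances[(owner, spender)] -= amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount


def drain_via_allowance(token, dapp, victim):
    """What a rogue DApp can do at any later time: take all the allowance permits."""
    amount = min(token.balances.get(victim, 0), token.allowance(victim, dapp))
    if amount:
        token.transfer_from(dapp, victim, "attacker", amount)
    return amount


def scenario(approved_amount):
    """User holds 1000 tokens, means to swap 10; the wallet approves approved_amount.
    Returns (user's remaining balance, amount the rogue DApp could take later)."""
    t = Token(balances={"user": 1000})
    t.approve("user", "dapp", approved_amount)
    t.transfer_from("dapp", "user", "dapp", 10)  # the legitimate 10-token swap
    stolen = drain_via_allowance(t, "dapp", "user")  # later, with no user consent
    return t.balances["user"], stolen


def stale_allowances(token, owner, threshold=0):
    """Defender check: spenders still holding an allowance above threshold."""
    return {s: a for (o, s), a in token.allowances.items()
            if o == owner and a > threshold}
```

Running `scenario(MAX_UINT256)` leaves the user with nothing, while `scenario(10)` leaves the rogue DApp nothing to take; `stale_allowances` is the kind of review a wallet can surface so leftover approvals get revoked.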

ZenGo builds testnet to demonstrate vulnerability

ZenGo said that “almost every DApp” exhibits the vulnerability, resulting in users unwittingly providing DApp smart contracts full control over their funds.

To demonstrate the vulnerability, ZenGo has launched a public testnet featuring a “rogue” token swapping DApp dubbed baDAPProve.

When a user authorizes a transaction of a specific number of FRT tokens on the testnet, baDAPProve will drain the users’ entire FRT wallet — emphasizing the…

Author: Samuel Haig


