Security gurus of FC: anything we should be wary of when it comes to frames?

I understand certain data is signed + sent when clicking a button — I trust @varun and team have thought things through, but the paranoid part of me wonders how frames could be used maliciously

nf.td/mark 🟪 Forward-Deployed Software Engineer (Healthcare @ Palantir) 🟪 FID 1351

The actual functionality that frames support is very limited - basically “display an image and some buttons; when buttons pressed send request to a backend”.

Not possible to have onchain txns initiated by the user

1/ I've been working on a method to verify Farcaster messages onchain. The GitHub repo is now open-sourced under an MIT license.

https://github.com/pavlovdog/farcaster-solidity

Unless you make a 4337 account authorized by fc sigs:

cma.xyz. Founder /paragraph, previously at Google and Coinbase

Unless you make a 4337 account authorized by fc sigs: https://warpcast.com/fastfourier.eth/0x14214892

yeah that’s a good way to think about it. Reading more & building one has helped me understand. A very specific message is signed when you click a button

yeah that’s a good way to think about it. Reading more & building one has helped me understand. A very specific message is signed when you click a button https://warpcast.notion.site/Farcaster-Frames-4bd47fe97dc74a42a48d3a234636d8c5#:~:text=contains%20two%20objects%3A-,Signed,-Message%20%E2%80%94%20a%20signed