Ethereum

GM 🫡

Are you ready to see one of the most stupid vulnerability you will ever see in crypto space? 

Here is the first vulnerability I found about the WalletConnect's Verify API 👇

They have already pushed a fix, so I guess I can explain it now, and you can share it too 😎

Le diable se cache dans les détails • Brume Wallet

They have already pushed a fix, so I guess I can explain it now, and you can share it too 😎

https://github.com/WalletConnect/walletconnect-monorepo/commit/0d42d705f658f4da031fc69cb3411ab77b8b976b

Here is a live demo 🔥

Click on the following links and try to connect the former with the latter

wc-exploit-1.vercel.app
wc-wallet.vercel.app

Here is what you should see with and without the exploit

Hola, Pancakeswap 👋

So how does it work?

The dapp can simply tell the wallet:

"I swear I am legit, here is a server that will say I'm legit" 🫣

(and of course, the server is owned by the same person — the attacker ) 

Yes, that's the vulnerability 🤡

Did I lie when I said I can exploit it with one line of code? 😅

https://github.com/hazae41/wc-exploit-1/tree/main/src/app

Well technically two if you count the server side too 

https://github.com/hazae41/wc-exploit-1/blob/main/src/app/api/attestation/%5Bany%5D/route.ts

Remember, per the docs

"Verify API is not designed to be bulletproof but to make the impersonation attack harder and require a somewhat sophisticated attacker."

Very sophisticated attack 😂

Are you still overestimating your security, Pedro? 🤨

Or were you talking about a potential backdoor? 🧐

Since you claimed that your team knew this issue, maybe it was a backdoor then? 🤨

Oh no, you also claimed that the purpose of the Verify API wasn't to prevent phishing, so it was just an easter egg 🫠

Oh no, you also claimed that the purpose of the Verify API wasn't to prevent phishing, so it was just an easter egg 🫠

https://x.com/hazae41/status/1710295763564081259

Go and hide now, Pedro ☀️

And I hope the $12M you raised can pay for some holidays very far with no internet 🏖️

Since they are definitely not used to pay for security 💀

And remember I still have a second vulnerability in the sleeve😏