LeastAuthority / thanos-wallet

MIT License

Thanos may be using taquito's michelson parsing and localforging functions which are insecure (needs further investigation) #3

Open jehadbaeth opened 4 years ago

jehadbaeth commented 4 years ago

The aforementioned issue has been reported in an audit report conducted by the Least Authority team. Issue E and Suggestion 3 have both been reported as Unresolved as of 19th of June 2020.

Further investigation on how taquito is being used is needed.

rats-god commented 4 years ago

i think it is unlikely that the local-forging issues will be exploitable, unless they are doing something really weird, but i will double check that.

the michelson parsing functions they're using are also not the ones i was concerned about, they're the much more stable new implementation. i'm still a bit weirded out that they are parsing michelson at all, though, so i am double checking how that ends up being used.