Closed TRtomasz closed 1 year ago
Hey, thanks for adding this. Looking at it, do you think it's better to just remove the allowedDomains
option? I'm not sure of the implications though, do you have any thoughts on that?
hey @rkalis we haven't thought about the security implications of this, but on first thought it could be ok. The only problem I can think of is UI re-dress/clickjacking, but in most web3 use cases I think that's a non-issue. It's not applicable at all in the safe SDK case because if you were able to apply this attack, you'd have to sit in the place of the wallet - you can't apply this attack on an existing wallet.
That is what I'd imagine as well. In that case, would you mind updating this PR to just remove the allowedDomains
option altogether?
@rkalis sure, done
Perfect, thank you!
The latest updates on your projects. Learn more about Vercel for Git ↗︎
Name | Status | Preview | Comments | Updated (UTC) |
---|---|---|---|---|
revoke-cash | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Apr 11, 2023 0:30am |
Congrats, your important contribution to this open-source project has earned you a GitPOAP!
GitPOAP: 2023 Revoke.cash Contributor:
Head to gitpoap.io & connect your GitHub account to mint!
Learn more about GitPOAPs here.
@TRtomasz is attempting to deploy a commit to the Kalis Software Team on Vercel.
A member of the Team first needs to authorize it.