SigmaGmbH / Bug-Bounty-1.0

This repo consolidates reported issues from swisstronik-evm-module, swisstronik-librustgo, and swisstronik-chain repositories, complemented by all the Bug Bounty 1.0 program details and rewards for developers.

Leakage of Private Keys in Chrome Extension Wallet #11

Closed mabdullah22 closed 11 months ago

mabdullah22 commented 11 months ago

1. Bug/Vulnerability Description

Leakage of Private Keys in Chrome Extension Wallet

2. Hardware and Software Specifications

3. Steps to Reproduce

  1. Turn your proxy interceptor ON.
  2. Make a new wallet.
  3. See the proxy request.
  4. Private Keys are being sent to Sentry Logs.

4. Impact Analysis

Logging in wallets is not advisable, especially when keys are being logged. Rogue developers can leverage this to steal the keys. We have real exploitation of this issue in the case of the Slope Finance wallet, where the exploiter gained access to around 9000 logged keys and drained 4 million USDC.

Reference: https://twitter.com/osec_io/status/1555087560887922688?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1555087560887922688%7Ctwgr%5E836d80113528af48747df0a342f3beac6bd5e426%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fdiscover.luno.com%2Fwhat-exactly-happened-in-the-slope-finance-hack%2F

5. Code Fix Submission

Disable the logging of critical info, or logging as a whole.

6. Choose the Right Label

Security Issue: Critical

7. Additional Context

I have attached a POC video showing the issue. https://drive.google.com/file/d/1lkBbOhk3SNWc0Jykudw26Qe9SmjLkbSr/view?usp=sharing


Thank you for contributing to the improvement of our project! 👨‍💻👩‍💻


Swisstronik internal use only
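
One way to implement the "disable the logging of critical info" fix suggested in the report above, as an added example that is not part of the original issue or Swisstronik's code: a scrubber for the Sentry JavaScript SDK's `beforeSend` hook. The field names, the key and phrase patterns, and the sample event are assumptions, since the issue does not show the logged payload.

```javascript
// Added example, not Swisstronik code. Patterns and the sample event are assumptions.
const SENSITIVE_FIELD = /^(private_?key|priv_?key|secret|seed(_?phrase)?|mnemonic|password)$/i;
const HEX_KEY = /\b(?:0x)?[0-9a-fA-F]{64}\b/g; // 32-byte key; also hits tx hashes (fail closed)
const MNEMONIC = /\b(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}\b/g; // 12 to 24 short lowercase words
const REDACTED = "[REDACTED]";

function scrubString(s) {
  return s.replace(HEX_KEY, REDACTED).replace(MNEMONIC, REDACTED);
}

// Recursively copy a value, redacting sensitive field names and secret-shaped strings.
function scrub(value, depth = 0) {
  if (depth > 10) return REDACTED; // too deep to inspect: redact rather than pass through
  if (typeof value === "string") return scrubString(value);
  if (Array.isArray(value)) return value.map((v) => scrub(v, depth + 1));
  if (value !== null && typeof value === "object") {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_FIELD.test(k) ? REDACTED : scrub(v, depth + 1);
    }
    return out;
  }
  return value;
}

// Wire in with Sentry.init({ dsn, beforeSend: scrubEvent }); returning null drops the event.
function scrubEvent(event) {
  try {
    return scrub(event);
  } catch (err) {
    return null; // never send an event that could not be scrubbed
  }
}

// Constructed sample event (fake key and phrase) shaped like a Sentry event.
function demo() {
  const fakeKey = "0x" + "ab".repeat(32);
  const fakePhrase = Array(12).fill("abandon").join(" ");
  return scrubEvent({
    message: "wallet created " + fakeKey,
    extra: { privateKey: fakeKey, address: "0x" + "12".repeat(20) },
    breadcrumbs: [{ category: "wallet", message: "seed: " + fakePhrase }],
  });
}

console.log(JSON.stringify(demo(), null, 2));
```

Pattern-based scrubbing is a backstop; the stronger form of the fix named in the report is to keep key material out of any code path that reaches the logger, or to leave telemetry off in wallet contexts.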

SantiagoDevRel commented 11 months ago

Issue closed, published in Hall of Fame

mabdullah22 commented 11 months ago

@santiagotrujilloz Wallet is a critical component of any project; the bounty decision on it is not according to the severity of the issue. As you can see from the reference, Sentry logging has led to a compromise before.