This repo consolidates reported issues from swisstronik-evm-module, swisstronik-librustgo, and swisstronik-chain repositories, complemented by all the Bug Bounty 1.0 program details and rewards for developers.
Hi @mabdullah22, issues related to the wallet are out of the scope of the Bug Bounty. Anyway, we really appreciate your efforts, and that's why we will reward you with 150usdt + 250swtr tokens for the issues you published regarding the wallet: Issue#13, Issue#12 (this one) and Issue#11.
1. Bug/Vulnerability Description
Leakage of Encrypted Keys in Chrome Wallet
2. Hardware and Software Specifications
3. Steps to Reproduce
4. Impact Analysis
An attacker having access to the user's browser can initiate this attack and steal the encrypted keys. A brute-force attack can be initiated since we have the salt too.
5. Code Fix Submission
Disable the logging of critical info in the console.
6. Choose the Right Label
Security Issue: Critical
7. Additional Context
I have attached a POC video showing the issue. https://drive.google.com/file/d/1L2Z1uIOi57YK1R2VADQbl3W4yXKgruP6/view?usp=sharing
Thank you for contributing to the improvement of our project! 👨‍💻👩‍💻
Swisstronik internal use only
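One way to apply the fix suggested in the report (keeping encrypted key material and the salt out of the console), as an added example that is not the wallet's own code. The field names matched by `SENSITIVE`, the `makeSafeLogger` helper and the sample vault object are assumptions made for illustration.

```javascript
// Assumed names of fields that must never reach the console (not taken from the wallet's code).
const SENSITIVE = /^(encrypted.*|ciphertext|salt|iv|password|mnemonic|seed|private_?key)$/i;

// Return a deep copy of `value` with sensitive fields masked.
function redact(value, seen = new WeakSet()) {
  if (value === null || typeof value !== "object") return value;
  if (value instanceof Error) return value;      // keep message and stack intact
  if (seen.has(value)) return "[Repeated]";      // repeated or circular reference
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = SENSITIVE.test(k) ? "[REDACTED]" : redact(v, seen);
  }
  return out;
}

// Strings are checked too: logging JSON.stringify(vault) is a common way for secrets to leak.
function redactArg(arg) {
  if (typeof arg !== "string") return redact(arg);
  try {
    const parsed = JSON.parse(arg);
    if (parsed && typeof parsed === "object") return JSON.stringify(redact(parsed));
  } catch (_) { /* not JSON, pass through unchanged */ }
  return arg;
}

// Wrap a console-like sink. In production builds, log/debug are dropped entirely;
// warn/error still go through redaction so diagnostics stay useful.
function makeSafeLogger(sink, { production = false } = {}) {
  const level = (name) => (...args) => {
    if (production && (name === "log" || name === "debug")) return;
    sink[name](...args.map(redactArg));
  };
  return { log: level("log"), debug: level("debug"), warn: level("warn"), error: level("error") };
}

// Constructed sample vault, for demonstration only.
const sampleVault = { address: "0x0000000000000000000000000000000000000001",
                      encryptedKey: "constructed-ciphertext", kdf: { salt: "constructed-salt", iterations: 10000 } };
const logger = makeSafeLogger(console, { production: false });
logger.debug("vault loaded", sampleVault); // encryptedKey and kdf.salt print as [REDACTED]
```

Redaction by field name is a backstop only: the primary fix remains not passing key material to logging calls at all.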