Bug Reports in the code from TheKibaInu Github

TheKibaInu / kibaswap_alpha

GNU General Public License v3.0

1 stars 6 forks source link

name: Bug Reports Bugs and vulnerabilities in the code. Here I have collected most of the code. I have written errors and vulnerabilities in it. my email is shadowdreamer1286@gmail.com Telegram - @dmitry_1701

/ eslint-disable @typescript-eslint/no-var-requires / const { VanillaExtractPlugin } = require('@vanilla-extract/webpack-plugin') const MiniCssExtractPlugin = require('mini-css-extract-plugin') const { DefinePlugin } = require('webpack')

const commitHash = require('child_process').execSync('git rev-parse HEAD')

module.exports = { babel: { plugins: ['@vanilla-extract/babel-plugin'], }, webpack: { plugins: [ new VanillaExtractPlugin(), new DefinePlugin({ 'process.env.REACT_APP_GIT_COMMIT_HASH': JSON.stringify(commitHash.toString()), }), ], configure: (webpackConfig) => { const instanceOfMiniCssExtractPlugin = webpackConfig.plugins.find( (plugin) => plugin instanceof MiniCssExtractPlugin ) if (instanceOfMiniCssExtractPlugin !== undefined) instanceOfMiniCssExtractPlugin.options.ignoreOrder = true return webpackConfig }, }, }

cracoconfig,js

Based on the code provided, here are a few potential vulnerabilities and bugs to consider:

Insecure Git Commit Hash Retrieval: The code retrieves the Git commit hash using the child_process module, a security vulnerability.
Lack of Input Validation: The code does not perform any input validation or sanitization on the commitHash variable obtained from the Git command.
Missing Error Handling: The code does not handle any errors that may occur during the execution of the Git command or any other parts of the code.

import React, { useEffect, useState } from 'react'

import { AutoColumn } from 'components/Column' import { DarkCard } from 'components/Card' import Loader from 'components/Loader' import { TYPE } from 'theme' import bridgeicon from '../../../assets/images/bridgeicon.png' import { isMobile } from 'react-device-detect' import styled from 'styled-components/macro' import { useIsDarkMode } from 'state/user/hooks' import useTheme from 'hooks/useTheme'

/tslint-disable/ /eslint-disable/ declare global { namespace JSX { interface IntrinsicElements { 'stargate-widget': any; // The 'any' just for testing purposes } } }

export const useScript = (url: string, name: string): any => {

const [lib, setLib] = useState({})

useEffect(() => { const script = document.createElement('script')

script.src = url script.async = true script.onload = () => setLib({ [name]: window[name as any] })

document.body.appendChild(script)

return () => { document.body.removeChild(script) } }, [url])

return lib

}

const Wrapper = styled.div .MuiScopedCssBaseline-root { background:${prop => prop.theme.bg0} !important; }

export const Bridge = () => { const isDarkMode = useIsDarkMode() const themeVal = useTheme()

const theme = React.useMemo(() => isDarkMode ? 'dark' : 'light', [isDarkMode]) const { stargate } = useScript("https://unpkg.com/@layerzerolabs/stargate-ui@latest/element.js", "stargate") let content: JSX.Element; if (!stargate) { content = <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: 300 }}>

name: Bug Reports Bugs and vulnerabilities in the code. Here I have collected most of the code. I have written errors and vulnerabilities in it. my email is shadowdreamer1286@gmail.com Telegram - @dmitry_1701

/ eslint-disable @typescript-eslint/no-var-requires / const { VanillaExtractPlugin } = require('@vanilla-extract/webpack-plugin') const MiniCssExtractPlugin = require('mini-css-extract-plugin') const { DefinePlugin } = require('webpack')

const commitHash = require('child_process').execSync('git rev-parse HEAD')

module.exports = { babel: { plugins: ['@vanilla-extract/babel-plugin'], }, webpack: { plugins: [ new VanillaExtractPlugin(), new DefinePlugin({ 'process.env.REACT_APP_GIT_COMMIT_HASH': JSON.stringify(commitHash.toString()), }), ], configure: (webpackConfig) => { const instanceOfMiniCssExtractPlugin = webpackConfig.plugins.find( (plugin) => plugin instanceof MiniCssExtractPlugin ) if (instanceOfMiniCssExtractPlugin !== undefined) instanceOfMiniCssExtractPlugin.options.ignoreOrder = true return webpackConfig }, }, }

cracoconfig,js

Based on the code provided, here are a few potential vulnerabilities and bugs to consider:

Insecure Git Commit Hash Retrieval: The code retrieves the Git commit hash using the child_process module, a security vulnerability.

Lack of Input Validation: The code does not perform any input validation or sanitization on the commitHash variable obtained from the Git command.

Missing Error Handling: The code does not handle any errors that may occur during the execution of the Git command or any other parts of the code.

import React, { useEffect, useState } from 'react'

import { AutoColumn } from 'components/Column' import { DarkCard } from 'components/Card' import Loader from 'components/Loader' import { TYPE } from 'theme' import bridgeicon from '../../../assets/images/bridgeicon.png' import { isMobile } from 'react-device-detect' import styled from 'styled-components/macro' import { useIsDarkMode } from 'state/user/hooks' import useTheme from 'hooks/useTheme'

/tslint-disable/ /eslint-disable/ declare global { namespace JSX { interface IntrinsicElements { 'stargate-widget': any; // The 'any' just for testing purposes } } }

export const useScript = (url: string, name: string): any => {

const [lib, setLib] = useState({})

useEffect(() => { const script = document.createElement('script')

script.src = url script.async = true script.onload = () => setLib({ [name]: window[name as any] })

document.body.appendChild(script)

return () => { document.body.removeChild(script) } }, [url])

return lib

}

const Wrapper = styled.div .MuiScopedCssBaseline-root { background:${prop => prop.theme.bg0} !important; }

export const Bridge = () => { const isDarkMode = useIsDarkMode() const themeVal = useTheme()

const theme = React.useMemo(() => isDarkMode ? 'dark' : 'light', [isDarkMode]) const { stargate } = useScript("https://unpkg.com/@layerzerolabs/stargate-ui@latest/element.js", "stargate") let content: JSX.Element; if (!stargate) { content = <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: 300 }}> } else { content = <stargate-widget // tenthBps={25} // partnerId={0} // feeCollector={'0xa2bDF890E70d3468dF5EFB50D1C1117CD937E6E5'} theme={theme} /> }

return <DarkCard style={{ maxWidth: 600, color: themeVal.text1 }}> <img width={isMobile ? '10px' : '20px'} src={bridgeicon} margin-right='10px' /> Kiba Crosschain Bridge </TYPE.small> {content}

}

Insecure script loading: The useScript hook dynamically loads a script from a URL provided as an argument.

Incomplete error handling: The code includes a loader component to display while the script is being loaded.

injection vulnerabilities: The code uses the url variable directly in the script source without any validation or sanitization.

Insecure usage of any type: The declaration of IntrinsicElements in the global namespace includes an any type for the stargate-widget .

Styling vulnerabilities: The code applies styles directly to the MuiScopedCssBaseline-root class

Potential security risks in the bridge script: The code loads an external script from a remote URL.

import React from 'react' import styled from 'styled-components/macro' import useCopyClipboard from '../../hooks/useCopyClipboard'

import { LinkStyledButton } from '../../theme' import { CheckCircle, Copy } from 'react-feather' import { Trans } from '@lingui/macro'

const CopyIcon = styled(LinkStyledButton) color: ${({ theme }) => theme.text1}; flex-shrink: 0; display: flex; text-decoration: none; font-size: 0.825rem; background:transparent; :hover, :active, :focus { text-decoration: none; color: ${({ theme }) => theme.text2}; } const TransactionStatusText = styled.span margin-left: 0.25rem; font-size: 0.825rem; ${({ theme }) => theme.flexRowNoWrap}; align-items: center;

export default function CopyHelper(props: { toCopy: string; children?: React.ReactNode }) { const [isCopied, setCopied] = useCopyClipboard()

return ( <CopyIcon onClick={() => setCopied(props.toCopy)}> {isCopied ? ( <CheckCircle size={'16'} /> Copied ) : ( <Copy size={'16'} /> )} {isCopied ? '' : props.children} ) }

Insecure handling of user input: The toCopy prop is passed directly to the setCopied function without any validation or sanitization. .

Incomplete error handling: The code does not handle any errors that may occur during the copy operation.

Accessibility concerns: The copy icon is wrapped inside a button element, but it does not have an accessible label for screen readers.

Nested TransactionStatusText component: The TransactionStatusText component is nested within another TransactionStatusText component, which may not be necessary and can lead to unexpected behavior or styling issues.

Dependency vulnerabilities: such as styled-components , react-feather , and @lingui/macro import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, LinkStyledButton, TYPE } from '../../theme' import React, { useCallback, useContext } from 'react' import { fortmatic, injected, portis, walletconnect, walletlink } from '../../connectors' import styled, { ThemeContext } from 'styled-components/macro'

import { AutoRow } from '../Row' import { ButtonSecondary } from '../Button' import { ReactComponent as Close } from '../../assets/images/x.svg' import CoinbaseWalletIcon from '../../assets/images/coinbaseWalletIcon.svg' import Copy from './Copy' import FortmaticIcon from '../../assets/images/fortmaticIcon.png' import Identicon from '../Identicon' import { ExternalLink as LinkIcon } from 'react-feather' import PortisIcon from '../../assets/images/portisIcon.png' import { SUPPORTED_WALLETS } from '../../constants/wallet' import { Trans } from '@lingui/macro' import Transaction from './Transaction' import WalletConnectIcon from '../../assets/images/walletConnectIcon.svg' import { clearAllTransactions } from '../../state/transactions/actions' import { shortenAddress } from '../../utils' import { useActiveWeb3React } from '../../hooks/web3' import { useAppDispatch } from 'state/hooks' import { useWeb3React } from '@web3-react/core' import { InjectedConnector } from '@web3-react/injected-connector' import { disconnect } from 'process'

const HeaderRow = styled.div ${({ theme }) => theme.flexRowNoWrap}; padding: 1rem 1rem; font-weight: 500; color: ${(props) => (props.color === 'blue' ? ({ theme }) => theme.primary1 : ({ theme }) => theme.text1)}; ${({ theme }) => theme.mediaWidth.upToMedium padding: 1rem; };

const UpperSection = styled.div` position: relative; background: ${({ theme }) => theme.bg0};

h5 { margin: 0; margin-bottom: 0.5rem; font-size: 1rem; font-weight: 400; }

h5:last-child { margin-bottom: 0px; }

h4 { margin-top: 0; font-weight: 500; }

`

const InfoCard = styled.div padding: 1rem; border: 1px solid ${({ theme }) => theme.bg3}; border-radius: 20px; position: relative; display: grid; grid-row-gap: 12px; margin-bottom: 20px;

const AccountGroupingRow = styled.div` ${({ theme }) => theme.flexRowNoWrap}; justify-content: space-between; align-items: center; font-weight: 400; color: ${({ theme }) => theme.text1};

div { ${({ theme }) => theme.flexRowNoWrap} align-items: center; } `

const AccountSection = styled.div padding: 0rem 1rem; ${({ theme }) => theme.mediaWidth.upToMediumpadding: 0rem 1rem 1.5rem 1rem;};

const YourAccount = styled.div` h5 { margin: 0 0 1rem 0; font-weight: 400; }

h4 { margin: 0; font-weight: 500; } `

const LowerSection = styled.div` ${({ theme }) => theme.flexColumnNoWrap} padding: 1.5rem; flex-grow: 1; overflow: auto; background-color: ${({ theme }) => theme.bg3}; border-bottom-left-radius: 20px; border-bottom-right-radius: 20px;

h5 { margin: 0; font-weight: 400; color: ${({ theme }) => theme.text3}; } `

const AccountControl = styled.div` display: flex; justify-content: space-between; min-width: 0; width: 100%;

font-weight: 500; font-size: 1.25rem;

a:hover { text-decoration: underline; }

p { min-width: 0; margin: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } `

const AddressLink = styled(ExternalLink) <{ hasENS: boolean; isENS: boolean }> font-size: 0.825rem; color: ${({ theme }) => theme.text3}; margin-left: 1rem; font-size: 0.825rem; display: flex; :hover { color: ${({ theme }) => theme.text2}; }

const CloseIcon = styled.div position: absolute; right: 1rem; top: 14px; &:hover { cursor: pointer; opacity: 0.6; }

const CloseColor = styled(Close) path { stroke: ${({ theme }) => theme.text4}; }

const WalletName = styled.div width: initial; font-size: 0.825rem; font-weight: 500; color: ${({ theme }) => theme.text3};

const IconWrapper = styled.div<{ size?: number }> ${({ theme }) => theme.flexColumnNoWrap}; align-items: center; justify-content: center; margin-right: 8px; & > img, span { height: ${({ size }) => (size ? size + 'px' : '32px')}; width: ${({ size }) => (size ? size + 'px' : '32px')}; } ${({ theme }) => theme.mediaWidth.upToMedium align-items: flex-end; };

const TransactionListWrapper = styled.div ${({ theme }) => theme.flexColumnNoWrap};

const WalletAction = styled(ButtonSecondary) width: fit-content; font-weight: 400; margin-left: 8px; font-size: 0.825rem; padding: 4px 6px; :hover { cursor: pointer; text-decoration: underline; }

const MainWalletAction = styled(WalletAction) color: ${({ theme }) => theme.primary1};

function renderTransactions(transactions: string[]) { return ( {transactions.map((hash, i) => { return })} ) }

interface AccountDetailsProps { toggleWalletModal: () => void pendingTransactions: string[] confirmedTransactions: string[] ENSName?: string openOptions: () => void }

export default function AccountDetails({ toggleWalletModal, pendingTransactions, confirmedTransactions, ENSName, openOptions, }: AccountDetailsProps) { const { chainId, account, connector, library, deactivate } = useActiveWeb3React() const theme = useContext(ThemeContext) const dispatch = useAppDispatch()

function formatConnectorName() { const { ethereum } = window const isMetaMask = !!(ethereum && ethereum.isMetaMask) const name = Object.keys(SUPPORTED_WALLETS) .filter( (k) => SUPPORTED_WALLETS[k].connector === connector && (connector !== injected || isMetaMask === (k === 'METAMASK')) ) .map((k) => SUPPORTED_WALLETS[k].name)[0] return ( Connected with {name} ) }

function getStatusIcon() { if (connector === injected) { return ( ) } else if (connector === walletconnect) { return ( <img src={WalletConnectIcon} alt={'WalletConnect logo'} /> ) } else if (connector === walletlink) { return ( <img src={CoinbaseWalletIcon} alt={'Coinbase Wallet logo'} /> ) } else if (connector === fortmatic) { return ( <img src={FortmaticIcon} alt={'Fortmatic logo'} /> ) } else if (connector === portis) { return ( <> <img src={PortisIcon} alt={'Portis logo'} /> <MainWalletAction onClick={() => { portis.portis.showPortis() }} > Show Portis </> ) } return null }

const clearAllTransactionsCallback = useCallback(() => { if (chainId) dispatch(clearAllTransactions({ chainId })) }, [dispatch, chainId])

return ( <> Account {formatConnectorName()}

{library?.provider && connector && ( <WalletAction style={{ marginRight: '8px' }} onClick={() => { console.log(connector); if (connector === injected) { deactivate(); } else { (connector as any).close(); } }} > Disconnect )} <WalletAction style={{ fontSize: '.825rem', fontWeight: 400 }} onClick={() => { openOptions() }} > Change

{ENSName ? ( <>

{getStatusIcon()} {ENSName}

</> ) : ( <>

{getStatusIcon()} {account && shortenAddress(account)}

</> )} {ENSName ? ( <>

{account && ( <span style={{ marginLeft: '4px' }}> Copy Address )} {chainId && account && ( <AddressLink hasENS={!!ENSName} isENS={true} href={getExplorerLink(chainId, ENSName, ExplorerDataType.ADDRESS)} > <span style={{ marginLeft: '4px' }}> View on Explorer )}

</> ) : ( <>

{account && ( <span style={{ marginLeft: '4px' }}> Copy Address )} {chainId && account && ( <AddressLink hasENS={!!ENSName} isENS={false} href={getExplorerLink(chainId, account, ExplorerDataType.ADDRESS)} > <span style={{ marginLeft: '4px' }}> View on Explorer )}

</> )} {!!pendingTransactions.length || !!confirmedTransactions.length ? ( <AutoRow mb={'1rem'} style={{ justifyContent: 'space-between' }}> Recent Transactions </TYPE.body> (clear all) {renderTransactions(pendingTransactions)} {renderTransactions(confirmedTransactions)} ) : ( Your transactions will appear here... </TYPE.body> )} </> ) }

Insecure handling of user input: The code uses the toCopy prop passed to the Copy component without any validation or sanitization.

Insecure handling of external links: The code uses the ExternalLink component to render links to external explorers.

Unhandled errors: The code does not handle any errors that may occur during the copy operation or when interacting with the wallet connectors.

Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components , react-feather , and @lingui/macro

Accessibility concerns: The code does not provide accessible labels for screen readers for certain elements

import { CheckCircle, Triangle } from 'react-feather' import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink'

import { ExternalLink } from '../../theme' import Loader from '../Loader' import { RowFixed } from '../Row' import styled from 'styled-components/macro' import { useActiveWeb3React } from '../../hooks/web3' import { useAllTransactions } from '../../state/transactions/hooks'

const TransactionWrapper = styled.div``

const TransactionStatusText = styled.div margin-right: 0.5rem; display: flex; align-items: center; :hover { text-decoration: underline; }

const TransactionState = styled(ExternalLink)<{ pending: boolean; success?: boolean }> display: flex; justify-content: space-between; align-items: center; text-decoration: none !important; border-radius: 0.5rem; padding: 0.25rem 0rem; font-weight: 500; font-size: 0.825rem; color: ${({ theme }) => theme.primary1};

const IconWrapper = styled.div<{ pending: boolean; success?: boolean }> color: ${({ pending, success, theme }) => (pending ? theme.primary1 : success ? theme.green1 : theme.red1)};

export default function Transaction({ hash, style = {} }: { hash: string, style?: any }) { const { chainId } = useActiveWeb3React() const allTransactions = useAllTransactions()

const tx = allTransactions?.[hash] const summary = tx?.summary const pending = !tx?.receipt const success = !pending && tx && (tx.receipt?.status === 1 || typeof tx.receipt?.status === 'undefined')

if (!chainId) return null

return ( <TransactionState href={getExplorerLink(chainId, hash, ExplorerDataType.TRANSACTION)} pending={pending} success={success} > {summary ?? hash} ↗ {pending ? : success ? : } ) }

Unused imports: The code imports several dependencies, such as injected , portis , walletconnect , and walletlink

Insecure handling of user input: The hash prop is used directly in the getExplorerLink function

Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.

Unused imports: The code imports the CheckCircle and Triangle components from react-feather.

Dependency vulnerabilities: It is important to ensure that all dependencies,

Accessibility concerns: The code does not provide an accessible label for screen readers for the transaction status text.

Use of style prop: The code accepts a style prop to apply additional styles to the TransactionWrapper component.

import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, TYPE } from '../../theme' import { ReactNode, useCallback, useContext, useState } from 'react' import { Trans, t } from '@lingui/macro' import styled, { ThemeContext } from 'styled-components/macro'

import { AutoColumn } from '../Column' import { RowBetween } from '../Row' import Select from 'react-select' import { useActiveWeb3React } from '../../hooks/web3' import { useAddressManager } from 'components/AddressManager' import useENS from '../../hooks/useENS'

const SelectItem = styled(Select) color:#222 !important; z-index: 1000; >

const InputPanel = styled.div ${({ theme }) => theme.flexColumnNoWrap} position: relative; border-radius: 1.25rem; background-color: ${({ theme }) => theme.bg1}; z-index: 1; width: 100%;

const ContainerRow = styled.div<{ error: boolean }> display: flex; justify-content: center; align-items: center; border-radius: 1.25rem; border: 1px solid ${({ error, theme }) => (error ? theme.red1 : theme.bg2)}; transition: border-color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}, color 500ms ${({ error }) => (error ? 'step-end' : 'step-start')}; background-color: ${({ theme }) => theme.bg1};

const InputContainer = styled.div flex: 1; padding: 1rem;

const Input = styled.input<{ error?: boolean }>` font-size: 1rem; outline: none; border: none; flex: 1 1 auto; width: 0; background-color: ${({ theme }) => theme.bg0}; transition: color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}; color: ${({ error, theme }) => (error ? theme.red1 : theme.text1)}; overflow: hidden; text-overflow: ellipsis; font-weight: 500; width: 100%; ::placeholder { color: ${({ theme }) => theme.text4}; } padding: 5px; -webkit-appearance: textfield;

::-webkit-search-decoration { -webkit-appearance: none; }

::-webkit-outer-spin-button, ::-webkit-inner-spin-button { -webkit-appearance: none; }

::placeholder { color: ${({ theme }) => theme.text4}; } `

export default function AddressInputPanel({ id, className = 'recipient-address-input', label, placeholder, value, onChange, }: { id?: string className?: string label?: ReactNode placeholder?: string // the typed string value value: string // triggers whenever the typed value changes onChange: (value: string) => void }) { const { chainId } = useActiveWeb3React() const theme = useContext(ThemeContext)

const { address, loading, name } = useENS(value)

const handleInput = useCallback( (event) => { const input = event.target.value const withoutSpaces = input.replace(/\s+/g, '') onChange(withoutSpaces) }, [onChange] )

const error = Boolean(value?.length > 0 && !loading && !address)

const [addresses,] = useAddressManager() const [useManual, setUseManual] = useState(false) function styleFn(provided: any, state: any) { return { ...provided, color: theme.text1, background: theme.bg0 }; } const styles = { singleValue: { color: theme.text1, background: theme.bg0 } }

return ( {label ?? Recipient} {addresses.length > 0 && <TYPE.link onClick={() => { setUseManual(!useManual) }}>{useManual ? 'Switch to Select' : 'Switch to Input'}</TYPE.link> } </TYPE.black>

{address && chainId && ( <ExternalLink href={getExplorerLink(chainId, name ?? address, ExplorerDataType.ADDRESS)} style={{ fontSize: '14px' }} > (View on Explorer) )} {Boolean(addresses.length == 0 || useManual) && <Input className={className} type="text" autoComplete="off" autoCorrect="off" autoCapitalize="off" spellCheck="false" placeholder={placeholder ?? tWallet Address or ENS name} error={error} pattern="^(0x[a-fA-F0-9]{40})$" onChange={handleInput} value={value} />}

{Boolean(addresses.length > 0 && !useManual) && ( <SelectItem theme={theme} options={addresses} onChange={(e: any) => onChange(e.value as any)} value={addresses.find((item) => item.value?.toLowerCase() === value?.toLowerCase())} /> )} ) }

Insecure handling of user input: The value prop is used directly in the useENS hook without any validation or sanitization.

Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.

Potential XSS vulnerability: The label prop is rendered as a ReactNode without any sanitization.

Insecure handling of select options: The addresses prop used in the SelectItem component is assumed to be safe.

Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components and react-select , are up to date to mitigate any known vulnerabilities.

Accessibility concerns: The code does not provide accessible labels for screen readers for the input field and select component. Adding appropriate aria-label attributes can improve accessibility.

Potential performance issue: The code uses the useCallback hook without specifying any dependencies.

Unused variables: The styles variable is defined but not used in the component.

Please, the errors in the code I pointed out behind the number from 1 to 6-7 and so on.... Use navigation to save time

TheKibaInu / kibaswap_alpha

Bug Reports in the code from TheKibaInu Github #11