Open DimaKovalenko17 opened 1 year ago
name: Bug Reports Bugs and vulnerabilities in the code. Here I have collected most of the code. I have written errors and vulnerabilities in it. my email is shadowdreamer1286@gmail.com Telegram - @dmitry_1701
/ eslint-disable @typescript-eslint/no-var-requires / const { VanillaExtractPlugin } = require('@vanilla-extract/webpack-plugin') const MiniCssExtractPlugin = require('mini-css-extract-plugin') const { DefinePlugin } = require('webpack')
const commitHash = require('child_process').execSync('git rev-parse HEAD')
module.exports = { babel: { plugins: ['@vanilla-extract/babel-plugin'], }, webpack: { plugins: [ new VanillaExtractPlugin(), new DefinePlugin({ 'process.env.REACT_APP_GIT_COMMIT_HASH': JSON.stringify(commitHash.toString()), }), ], configure: (webpackConfig) => { const instanceOfMiniCssExtractPlugin = webpackConfig.plugins.find( (plugin) => plugin instanceof MiniCssExtractPlugin ) if (instanceOfMiniCssExtractPlugin !== undefined) instanceOfMiniCssExtractPlugin.options.ignoreOrder = true return webpackConfig }, }, }
cracoconfig,js
Based on the code provided, here are a few potential vulnerabilities and bugs to consider:
- Insecure Git Commit Hash Retrieval: The code retrieves the Git commit hash using the child_process module, a security vulnerability.
- Lack of Input Validation: The code does not perform any input validation or sanitization on the commitHash variable obtained from the Git command.
- Missing Error Handling: The code does not handle any errors that may occur during the execution of the Git command or any other parts of the code.
import React, { useEffect, useState } from 'react'
import { AutoColumn } from 'components/Column' import { DarkCard } from 'components/Card' import Loader from 'components/Loader' import { TYPE } from 'theme' import bridgeicon from '../../../assets/images/bridgeicon.png' import { isMobile } from 'react-device-detect' import styled from 'styled-components/macro' import { useIsDarkMode } from 'state/user/hooks' import useTheme from 'hooks/useTheme'
/tslint-disable/ /eslint-disable/ declare global { namespace JSX { interface IntrinsicElements { 'stargate-widget': any; // The 'any' just for testing purposes } } }
export const useScript = (url: string, name: string): any => {
const [lib, setLib] = useState({})
useEffect(() => { const script = document.createElement('script')
script.src = url script.async = true script.onload = () => setLib({ [name]: window[name as any] })
document.body.appendChild(script)
return () => { document.body.removeChild(script) } }, [url])
return lib
}
const Wrapper = styled.div
.MuiScopedCssBaseline-root { background:${prop => prop.theme.bg0} !important; }
export const Bridge = () => { const isDarkMode = useIsDarkMode() const themeVal = useTheme()
const theme = React.useMemo(() => isDarkMode ? 'dark' : 'light', [isDarkMode]) const { stargate } = useScript("https://unpkg.com/@layerzerolabs/stargate-ui@latest/element.js", "stargate") let content: JSX.Element; if (!stargate) { content = <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: 300 }}> } else { content = <stargate-widget // tenthBps={25} // partnerId={0} // feeCollector={'0xa2bDF890E70d3468dF5EFB50D1C1117CD937E6E5'} theme={theme} /> }
return <DarkCard style={{ maxWidth: 600, color: themeVal.text1 }}>
<img width={isMobile ? '10px' : '20px'} src={bridgeicon} margin-right='10px' /> Kiba Crosschain Bridge </TYPE.small> {content} }
- Insecure script loading: The useScript hook dynamically loads a script from a URL provided as an argument.
- Incomplete error handling: The code includes a loader component to display while the script is being loaded.
- injection vulnerabilities: The code uses the url variable directly in the script source without any validation or sanitization.
- Insecure usage of any type: The declaration of IntrinsicElements in the global namespace includes an any type for the stargate-widget .
- Styling vulnerabilities: The code applies styles directly to the MuiScopedCssBaseline-root class
- Potential security risks in the bridge script: The code loads an external script from a remote URL.
import React from 'react' import styled from 'styled-components/macro' import useCopyClipboard from '../../hooks/useCopyClipboard'
import { LinkStyledButton } from '../../theme' import { CheckCircle, Copy } from 'react-feather' import { Trans } from '@lingui/macro'
const CopyIcon = styled(LinkStyledButton)
color: ${({ theme }) => theme.text1}; flex-shrink: 0; display: flex; text-decoration: none; font-size: 0.825rem; background:transparent; :hover, :active, :focus { text-decoration: none; color: ${({ theme }) => theme.text2}; }
const TransactionStatusText = styled.spanmargin-left: 0.25rem; font-size: 0.825rem; ${({ theme }) => theme.flexRowNoWrap}; align-items: center;
export default function CopyHelper(props: { toCopy: string; children?: React.ReactNode }) { const [isCopied, setCopied] = useCopyClipboard()
return ( <CopyIcon onClick={() => setCopied(props.toCopy)}> {isCopied ? ( <CheckCircle size={'16'} /> Copied ) : ( <Copy size={'16'} /> )} {isCopied ? '' : props.children} ) }
- Insecure handling of user input: The toCopy prop is passed directly to the setCopied function without any validation or sanitization. .
- Incomplete error handling: The code does not handle any errors that may occur during the copy operation.
- Accessibility concerns: The copy icon is wrapped inside a button element, but it does not have an accessible label for screen readers.
- Nested TransactionStatusText component: The TransactionStatusText component is nested within another TransactionStatusText component, which may not be necessary and can lead to unexpected behavior or styling issues.
- Dependency vulnerabilities: such as styled-components , react-feather , and @lingui/macro import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, LinkStyledButton, TYPE } from '../../theme' import React, { useCallback, useContext } from 'react' import { fortmatic, injected, portis, walletconnect, walletlink } from '../../connectors' import styled, { ThemeContext } from 'styled-components/macro'
import { AutoRow } from '../Row' import { ButtonSecondary } from '../Button' import { ReactComponent as Close } from '../../assets/images/x.svg' import CoinbaseWalletIcon from '../../assets/images/coinbaseWalletIcon.svg' import Copy from './Copy' import FortmaticIcon from '../../assets/images/fortmaticIcon.png' import Identicon from '../Identicon' import { ExternalLink as LinkIcon } from 'react-feather' import PortisIcon from '../../assets/images/portisIcon.png' import { SUPPORTED_WALLETS } from '../../constants/wallet' import { Trans } from '@lingui/macro' import Transaction from './Transaction' import WalletConnectIcon from '../../assets/images/walletConnectIcon.svg' import { clearAllTransactions } from '../../state/transactions/actions' import { shortenAddress } from '../../utils' import { useActiveWeb3React } from '../../hooks/web3' import { useAppDispatch } from 'state/hooks' import { useWeb3React } from '@web3-react/core' import { InjectedConnector } from '@web3-react/injected-connector' import { disconnect } from 'process'
const HeaderRow = styled.div
${({ theme }) => theme.flexRowNoWrap}; padding: 1rem 1rem; font-weight: 500; color: ${(props) => (props.color === 'blue' ? ({ theme }) => theme.primary1 : ({ theme }) => theme.text1)}; ${({ theme }) => theme.mediaWidth.upToMedium
padding: 1rem;};
const UpperSection = styled.div` position: relative; background: ${({ theme }) => theme.bg0};
h5 { margin: 0; margin-bottom: 0.5rem; font-size: 1rem; font-weight: 400; }
h5:last-child { margin-bottom: 0px; }
h4 { margin-top: 0; font-weight: 500; }
`
const InfoCard = styled.div
padding: 1rem; border: 1px solid ${({ theme }) => theme.bg3}; border-radius: 20px; position: relative; display: grid; grid-row-gap: 12px; margin-bottom: 20px;
const AccountGroupingRow = styled.div` ${({ theme }) => theme.flexRowNoWrap}; justify-content: space-between; align-items: center; font-weight: 400; color: ${({ theme }) => theme.text1};
div { ${({ theme }) => theme.flexRowNoWrap} align-items: center; } `
const AccountSection = styled.div
padding: 0rem 1rem; ${({ theme }) => theme.mediaWidth.upToMedium
padding: 0rem 1rem 1.5rem 1rem;};
const YourAccount = styled.div` h5 { margin: 0 0 1rem 0; font-weight: 400; }
h4 { margin: 0; font-weight: 500; } `
const LowerSection = styled.div` ${({ theme }) => theme.flexColumnNoWrap} padding: 1.5rem; flex-grow: 1; overflow: auto; background-color: ${({ theme }) => theme.bg3}; border-bottom-left-radius: 20px; border-bottom-right-radius: 20px;
h5 { margin: 0; font-weight: 400; color: ${({ theme }) => theme.text3}; } `
const AccountControl = styled.div` display: flex; justify-content: space-between; min-width: 0; width: 100%;
font-weight: 500; font-size: 1.25rem;
a:hover { text-decoration: underline; }
p { min-width: 0; margin: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } `
const AddressLink = styled(ExternalLink) <{ hasENS: boolean; isENS: boolean }>
font-size: 0.825rem; color: ${({ theme }) => theme.text3}; margin-left: 1rem; font-size: 0.825rem; display: flex; :hover { color: ${({ theme }) => theme.text2}; }
const CloseIcon = styled.div
position: absolute; right: 1rem; top: 14px; &:hover { cursor: pointer; opacity: 0.6; }
const CloseColor = styled(Close)
path { stroke: ${({ theme }) => theme.text4}; }
const WalletName = styled.div
width: initial; font-size: 0.825rem; font-weight: 500; color: ${({ theme }) => theme.text3};
const IconWrapper = styled.div<{ size?: number }>
${({ theme }) => theme.flexColumnNoWrap}; align-items: center; justify-content: center; margin-right: 8px; & > img, span { height: ${({ size }) => (size ? size + 'px' : '32px')}; width: ${({ size }) => (size ? size + 'px' : '32px')}; } ${({ theme }) => theme.mediaWidth.upToMedium
align-items: flex-end;};
const TransactionListWrapper = styled.div
${({ theme }) => theme.flexColumnNoWrap};
const WalletAction = styled(ButtonSecondary)
width: fit-content; font-weight: 400; margin-left: 8px; font-size: 0.825rem; padding: 4px 6px; :hover { cursor: pointer; text-decoration: underline; }
const MainWalletAction = styled(WalletAction)
color: ${({ theme }) => theme.primary1};
function renderTransactions(transactions: string[]) { return ( {transactions.map((hash, i) => { return })} ) }
interface AccountDetailsProps { toggleWalletModal: () => void pendingTransactions: string[] confirmedTransactions: string[] ENSName?: string openOptions: () => void }
export default function AccountDetails({ toggleWalletModal, pendingTransactions, confirmedTransactions, ENSName, openOptions, }: AccountDetailsProps) { const { chainId, account, connector, library, deactivate } = useActiveWeb3React() const theme = useContext(ThemeContext) const dispatch = useAppDispatch()
function formatConnectorName() { const { ethereum } = window const isMetaMask = !!(ethereum && ethereum.isMetaMask) const name = Object.keys(SUPPORTED_WALLETS) .filter( (k) => SUPPORTED_WALLETS[k].connector === connector && (connector !== injected || isMetaMask === (k === 'METAMASK')) ) .map((k) => SUPPORTED_WALLETS[k].name)[0] return ( Connected with {name} ) }
function getStatusIcon() { if (connector === injected) { return ( ) } else if (connector === walletconnect) { return ( <img src={WalletConnectIcon} alt={'WalletConnect logo'} /> ) } else if (connector === walletlink) { return ( <img src={CoinbaseWalletIcon} alt={'Coinbase Wallet logo'} /> ) } else if (connector === fortmatic) { return ( <img src={FortmaticIcon} alt={'Fortmatic logo'} /> ) } else if (connector === portis) { return ( <> <img src={PortisIcon} alt={'Portis logo'} /> <MainWalletAction onClick={() => { portis.portis.showPortis() }} > Show Portis </> ) } return null }
const clearAllTransactionsCallback = useCallback(() => { if (chainId) dispatch(clearAllTransactions({ chainId })) }, [dispatch, chainId])
return ( <> Account {formatConnectorName()}
{library?.provider && connector && ( <WalletAction style={{ marginRight: '8px' }} onClick={() => { console.log(connector); if (connector === injected) { deactivate(); } else { (connector as any).close(); } }} > Disconnect )} <WalletAction style={{ fontSize: '.825rem', fontWeight: 400 }} onClick={() => { openOptions() }} > Change
{ENSName ? ( <>
{getStatusIcon()} {ENSName}
</> ) : ( <>
{getStatusIcon()} {account && shortenAddress(account)}
</> )} {ENSName ? ( <>
{account && ( <span style={{ marginLeft: '4px' }}> Copy Address )} {chainId && account && ( <AddressLink hasENS={!!ENSName} isENS={true} href={getExplorerLink(chainId, ENSName, ExplorerDataType.ADDRESS)} > <span style={{ marginLeft: '4px' }}> View on Explorer )}
</> ) : ( <>
{account && ( <span style={{ marginLeft: '4px' }}> Copy Address )} {chainId && account && ( <AddressLink hasENS={!!ENSName} isENS={false} href={getExplorerLink(chainId, account, ExplorerDataType.ADDRESS)} > <span style={{ marginLeft: '4px' }}> View on Explorer )}
</> )} {!!pendingTransactions.length || !!confirmedTransactions.length ? ( <AutoRow mb={'1rem'} style={{ justifyContent: 'space-between' }}>
Recent Transactions </TYPE.body> (clear all) {renderTransactions(pendingTransactions)} {renderTransactions(confirmedTransactions)} ) : ( Your transactions will appear here... </TYPE.body> )} </> ) }
- Insecure handling of user input: The code uses the toCopy prop passed to the Copy component without any validation or sanitization.
- Insecure handling of external links: The code uses the ExternalLink component to render links to external explorers.
- Unhandled errors: The code does not handle any errors that may occur during the copy operation or when interacting with the wallet connectors.
- Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components , react-feather , and @lingui/macro
- Accessibility concerns: The code does not provide accessible labels for screen readers for certain elements
import { CheckCircle, Triangle } from 'react-feather' import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink'
import { ExternalLink } from '../../theme' import Loader from '../Loader' import { RowFixed } from '../Row' import styled from 'styled-components/macro' import { useActiveWeb3React } from '../../hooks/web3' import { useAllTransactions } from '../../state/transactions/hooks'
const TransactionWrapper = styled.div``
const TransactionStatusText = styled.div
margin-right: 0.5rem; display: flex; align-items: center; :hover { text-decoration: underline; }
const TransactionState = styled(ExternalLink)<{ pending: boolean; success?: boolean }>
display: flex; justify-content: space-between; align-items: center; text-decoration: none !important; border-radius: 0.5rem; padding: 0.25rem 0rem; font-weight: 500; font-size: 0.825rem; color: ${({ theme }) => theme.primary1};
const IconWrapper = styled.div<{ pending: boolean; success?: boolean }>
color: ${({ pending, success, theme }) => (pending ? theme.primary1 : success ? theme.green1 : theme.red1)};
export default function Transaction({ hash, style = {} }: { hash: string, style?: any }) { const { chainId } = useActiveWeb3React() const allTransactions = useAllTransactions()
const tx = allTransactions?.[hash] const summary = tx?.summary const pending = !tx?.receipt const success = !pending && tx && (tx.receipt?.status === 1 || typeof tx.receipt?.status === 'undefined')
if (!chainId) return null
return ( <TransactionState href={getExplorerLink(chainId, hash, ExplorerDataType.TRANSACTION)} pending={pending} success={success} > {summary ?? hash} ↗ {pending ? : success ? : } ) }
Unused imports: The code imports several dependencies, such as injected , portis , walletconnect , and walletlink
- Insecure handling of user input: The hash prop is used directly in the getExplorerLink function
- Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.
- Unused imports: The code imports the CheckCircle and Triangle components from react-feather.
- Dependency vulnerabilities: It is important to ensure that all dependencies,
- Accessibility concerns: The code does not provide an accessible label for screen readers for the transaction status text.
- Use of style prop: The code accepts a style prop to apply additional styles to the TransactionWrapper component.
import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, TYPE } from '../../theme' import { ReactNode, useCallback, useContext, useState } from 'react' import { Trans, t } from '@lingui/macro' import styled, { ThemeContext } from 'styled-components/macro'
import { AutoColumn } from '../Column' import { RowBetween } from '../Row' import Select from 'react-select' import { useActiveWeb3React } from '../../hooks/web3' import { useAddressManager } from 'components/AddressManager' import useENS from '../../hooks/useENS'
const SelectItem = styled(Select)
color:#222 !important; z-index: 1000; >
const InputPanel = styled.div
${({ theme }) => theme.flexColumnNoWrap} position: relative; border-radius: 1.25rem; background-color: ${({ theme }) => theme.bg1}; z-index: 1; width: 100%;
const ContainerRow = styled.div<{ error: boolean }>
display: flex; justify-content: center; align-items: center; border-radius: 1.25rem; border: 1px solid ${({ error, theme }) => (error ? theme.red1 : theme.bg2)}; transition: border-color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}, color 500ms ${({ error }) => (error ? 'step-end' : 'step-start')}; background-color: ${({ theme }) => theme.bg1};
const InputContainer = styled.div
flex: 1; padding: 1rem;
const Input = styled.input<{ error?: boolean }>` font-size: 1rem; outline: none; border: none; flex: 1 1 auto; width: 0; background-color: ${({ theme }) => theme.bg0}; transition: color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}; color: ${({ error, theme }) => (error ? theme.red1 : theme.text1)}; overflow: hidden; text-overflow: ellipsis; font-weight: 500; width: 100%; ::placeholder { color: ${({ theme }) => theme.text4}; } padding: 5px; -webkit-appearance: textfield;
::-webkit-search-decoration { -webkit-appearance: none; }
::-webkit-outer-spin-button, ::-webkit-inner-spin-button { -webkit-appearance: none; }
::placeholder { color: ${({ theme }) => theme.text4}; } `
export default function AddressInputPanel({ id, className = 'recipient-address-input', label, placeholder, value, onChange, }: { id?: string className?: string label?: ReactNode placeholder?: string // the typed string value value: string // triggers whenever the typed value changes onChange: (value: string) => void }) { const { chainId } = useActiveWeb3React() const theme = useContext(ThemeContext)
const { address, loading, name } = useENS(value)
const handleInput = useCallback( (event) => { const input = event.target.value const withoutSpaces = input.replace(/\s+/g, '') onChange(withoutSpaces) }, [onChange] )
const error = Boolean(value?.length > 0 && !loading && !address)
const [addresses,] = useAddressManager() const [useManual, setUseManual] = useState(false) function styleFn(provided: any, state: any) { return { ...provided, color: theme.text1, background: theme.bg0 }; } const styles = { singleValue: { color: theme.text1, background: theme.bg0 } }
return (
{label ?? Recipient} {addresses.length > 0 && <TYPE.link onClick={() => { setUseManual(!useManual) }}>{useManual ? 'Switch to Select' : 'Switch to Input'}</TYPE.link> } </TYPE.black> {address && chainId && ( <ExternalLink href={getExplorerLink(chainId, name ?? address, ExplorerDataType.ADDRESS)} style={{ fontSize: '14px' }} > (View on Explorer) )} {Boolean(addresses.length == 0 || useManual) && <Input className={className} type="text" autoComplete="off" autoCorrect="off" autoCapitalize="off" spellCheck="false" placeholder={placeholder ?? t
Wallet Address or ENS name
} error={error} pattern="^(0x[a-fA-F0-9]{40})$" onChange={handleInput} value={value} />}{Boolean(addresses.length > 0 && !useManual) && ( <SelectItem theme={theme} options={addresses} onChange={(e: any) => onChange(e.value as any)} value={addresses.find((item) => item.value?.toLowerCase() === value?.toLowerCase())} /> )} ) }
- Insecure handling of user input: The value prop is used directly in the useENS hook without any validation or sanitization.
- Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.
- Potential XSS vulnerability: The label prop is rendered as a ReactNode without any sanitization.
- Insecure handling of select options: The addresses prop used in the SelectItem component is assumed to be safe.
- Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components and react-select , are up to date to mitigate any known vulnerabilities.
- Accessibility concerns: The code does not provide accessible labels for screen readers for the input field and select component. Adding appropriate aria-label attributes can improve accessibility.
- Potential performance issue: The code uses the useCallback hook without specifying any dependencies.
- Unused variables: The styles variable is defined but not used in the component.
Please, the errors in the code I pointed out behind the number from 1 to 6-7 and so on.... Use navigation to save time
name: Bug Reports Bugs and vulnerabilities in the code. Here I have collected most of the code. I have written errors and vulnerabilities in it. my email is shadowdreamer1286@gmail.com Telegram - @dmitry_1701
/ eslint-disable @typescript-eslint/no-var-requires / const { VanillaExtractPlugin } = require('@vanilla-extract/webpack-plugin') const MiniCssExtractPlugin = require('mini-css-extract-plugin') const { DefinePlugin } = require('webpack')
const commitHash = require('child_process').execSync('git rev-parse HEAD')
module.exports = { babel: { plugins: ['@vanilla-extract/babel-plugin'], }, webpack: { plugins: [ new VanillaExtractPlugin(), new DefinePlugin({ 'process.env.REACT_APP_GIT_COMMIT_HASH': JSON.stringify(commitHash.toString()), }), ], configure: (webpackConfig) => { const instanceOfMiniCssExtractPlugin = webpackConfig.plugins.find( (plugin) => plugin instanceof MiniCssExtractPlugin ) if (instanceOfMiniCssExtractPlugin !== undefined) instanceOfMiniCssExtractPlugin.options.ignoreOrder = true return webpackConfig }, }, }
cracoconfig,js
Based on the code provided, here are a few potential vulnerabilities and bugs to consider:
Insecure Git Commit Hash Retrieval: The code retrieves the Git commit hash using the child_process module, a security vulnerability.
Lack of Input Validation: The code does not perform any input validation or sanitization on the commitHash variable obtained from the Git command.
Missing Error Handling: The code does not handle any errors that may occur during the execution of the Git command or any other parts of the code.
import React, { useEffect, useState } from 'react'
import { AutoColumn } from 'components/Column' import { DarkCard } from 'components/Card' import Loader from 'components/Loader' import { TYPE } from 'theme' import bridgeicon from '../../../assets/images/bridgeicon.png' import { isMobile } from 'react-device-detect' import styled from 'styled-components/macro' import { useIsDarkMode } from 'state/user/hooks' import useTheme from 'hooks/useTheme'
/tslint-disable/ /eslint-disable/ declare global { namespace JSX { interface IntrinsicElements { 'stargate-widget': any; // The 'any' just for testing purposes } } }
export const useScript = (url: string, name: string): any => {
const [lib, setLib] = useState({})
useEffect(() => { const script = document.createElement('script')
script.src = url script.async = true script.onload = () => setLib({ [name]: window[name as any] })
document.body.appendChild(script)
return () => { document.body.removeChild(script) } }, [url])
return lib
}
const Wrapper = styled.div
.MuiScopedCssBaseline-root { background:${prop => prop.theme.bg0} !important; }
export const Bridge = () => { const isDarkMode = useIsDarkMode() const themeVal = useTheme()
const theme = React.useMemo(() => isDarkMode ? 'dark' : 'light', [isDarkMode]) const { stargate } = useScript("https://unpkg.com/@layerzerolabs/stargate-ui@latest/element.js", "stargate") let content: JSX.Element; if (!stargate) { content = <div style={{ display: 'flex', justifyContent: 'center', alignItems: 'center', height: 300 }}>
return <DarkCard style={{ maxWidth: 600, color: themeVal.text1 }}>
<img
width={isMobile ? '10px' : '20px'}
src={bridgeicon}
margin-right='10px'
/>
Kiba Crosschain Bridge
</TYPE.small>
{content}
}
Insecure script loading: The useScript hook dynamically loads a script from a URL provided as an argument.
Incomplete error handling: The code includes a loader component to display while the script is being loaded.
injection vulnerabilities: The code uses the url variable directly in the script source without any validation or sanitization.
Insecure usage of any type: The declaration of IntrinsicElements in the global namespace includes an any type for the stargate-widget .
Styling vulnerabilities: The code applies styles directly to the MuiScopedCssBaseline-root class
Potential security risks in the bridge script: The code loads an external script from a remote URL.
import React from 'react' import styled from 'styled-components/macro' import useCopyClipboard from '../../hooks/useCopyClipboard'
import { LinkStyledButton } from '../../theme' import { CheckCircle, Copy } from 'react-feather' import { Trans } from '@lingui/macro'
const CopyIcon = styled(LinkStyledButton)
color: ${({ theme }) => theme.text1}; flex-shrink: 0; display: flex; text-decoration: none; font-size: 0.825rem; background:transparent; :hover, :active, :focus { text-decoration: none; color: ${({ theme }) => theme.text2}; }
const TransactionStatusText = styled.spanmargin-left: 0.25rem; font-size: 0.825rem; ${({ theme }) => theme.flexRowNoWrap}; align-items: center;
export default function CopyHelper(props: { toCopy: string; children?: React.ReactNode }) { const [isCopied, setCopied] = useCopyClipboard()
return ( <CopyIcon onClick={() => setCopied(props.toCopy)}> {isCopied ? (
<CheckCircle size={'16'} />
Copied
) : (
<Copy size={'16'} />
)}
{isCopied ? '' : props.children}
)
}
Insecure handling of user input: The toCopy prop is passed directly to the setCopied function without any validation or sanitization. .
Incomplete error handling: The code does not handle any errors that may occur during the copy operation.
Accessibility concerns: The copy icon is wrapped inside a button element, but it does not have an accessible label for screen readers.
Nested TransactionStatusText component: The TransactionStatusText component is nested within another TransactionStatusText component, which may not be necessary and can lead to unexpected behavior or styling issues.
Dependency vulnerabilities: such as styled-components , react-feather , and @lingui/macro import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, LinkStyledButton, TYPE } from '../../theme' import React, { useCallback, useContext } from 'react' import { fortmatic, injected, portis, walletconnect, walletlink } from '../../connectors' import styled, { ThemeContext } from 'styled-components/macro'
import { AutoRow } from '../Row' import { ButtonSecondary } from '../Button' import { ReactComponent as Close } from '../../assets/images/x.svg' import CoinbaseWalletIcon from '../../assets/images/coinbaseWalletIcon.svg' import Copy from './Copy' import FortmaticIcon from '../../assets/images/fortmaticIcon.png' import Identicon from '../Identicon' import { ExternalLink as LinkIcon } from 'react-feather' import PortisIcon from '../../assets/images/portisIcon.png' import { SUPPORTED_WALLETS } from '../../constants/wallet' import { Trans } from '@lingui/macro' import Transaction from './Transaction' import WalletConnectIcon from '../../assets/images/walletConnectIcon.svg' import { clearAllTransactions } from '../../state/transactions/actions' import { shortenAddress } from '../../utils' import { useActiveWeb3React } from '../../hooks/web3' import { useAppDispatch } from 'state/hooks' import { useWeb3React } from '@web3-react/core' import { InjectedConnector } from '@web3-react/injected-connector' import { disconnect } from 'process'
const HeaderRow = styled.div
${({ theme }) => theme.flexRowNoWrap}; padding: 1rem 1rem; font-weight: 500; color: ${(props) => (props.color === 'blue' ? ({ theme }) => theme.primary1 : ({ theme }) => theme.text1)}; ${({ theme }) => theme.mediaWidth.upToMedium
padding: 1rem;};
const UpperSection = styled.div` position: relative; background: ${({ theme }) => theme.bg0};
h5 { margin: 0; margin-bottom: 0.5rem; font-size: 1rem; font-weight: 400; }
h5:last-child { margin-bottom: 0px; }
h4 { margin-top: 0; font-weight: 500; }
`
const InfoCard = styled.div
padding: 1rem; border: 1px solid ${({ theme }) => theme.bg3}; border-radius: 20px; position: relative; display: grid; grid-row-gap: 12px; margin-bottom: 20px;
const AccountGroupingRow = styled.div` ${({ theme }) => theme.flexRowNoWrap}; justify-content: space-between; align-items: center; font-weight: 400; color: ${({ theme }) => theme.text1};
div { ${({ theme }) => theme.flexRowNoWrap} align-items: center; } `
const AccountSection = styled.div
padding: 0rem 1rem; ${({ theme }) => theme.mediaWidth.upToMedium
padding: 0rem 1rem 1.5rem 1rem;};
const YourAccount = styled.div` h5 { margin: 0 0 1rem 0; font-weight: 400; }
h4 { margin: 0; font-weight: 500; } `
const LowerSection = styled.div` ${({ theme }) => theme.flexColumnNoWrap} padding: 1.5rem; flex-grow: 1; overflow: auto; background-color: ${({ theme }) => theme.bg3}; border-bottom-left-radius: 20px; border-bottom-right-radius: 20px;
h5 { margin: 0; font-weight: 400; color: ${({ theme }) => theme.text3}; } `
const AccountControl = styled.div` display: flex; justify-content: space-between; min-width: 0; width: 100%;
font-weight: 500; font-size: 1.25rem;
a:hover { text-decoration: underline; }
p { min-width: 0; margin: 0; overflow: hidden; text-overflow: ellipsis; white-space: nowrap; } `
const AddressLink = styled(ExternalLink) <{ hasENS: boolean; isENS: boolean }>
font-size: 0.825rem; color: ${({ theme }) => theme.text3}; margin-left: 1rem; font-size: 0.825rem; display: flex; :hover { color: ${({ theme }) => theme.text2}; }
const CloseIcon = styled.div
position: absolute; right: 1rem; top: 14px; &:hover { cursor: pointer; opacity: 0.6; }
const CloseColor = styled(Close)
path { stroke: ${({ theme }) => theme.text4}; }
const WalletName = styled.div
width: initial; font-size: 0.825rem; font-weight: 500; color: ${({ theme }) => theme.text3};
const IconWrapper = styled.div<{ size?: number }>
${({ theme }) => theme.flexColumnNoWrap}; align-items: center; justify-content: center; margin-right: 8px; & > img, span { height: ${({ size }) => (size ? size + 'px' : '32px')}; width: ${({ size }) => (size ? size + 'px' : '32px')}; } ${({ theme }) => theme.mediaWidth.upToMedium
align-items: flex-end;};
const TransactionListWrapper = styled.div
${({ theme }) => theme.flexColumnNoWrap};
const WalletAction = styled(ButtonSecondary)
width: fit-content; font-weight: 400; margin-left: 8px; font-size: 0.825rem; padding: 4px 6px; :hover { cursor: pointer; text-decoration: underline; }
const MainWalletAction = styled(WalletAction)
color: ${({ theme }) => theme.primary1};
function renderTransactions(transactions: string[]) { return (
{transactions.map((hash, i) => {
return
})}
)
}
interface AccountDetailsProps { toggleWalletModal: () => void pendingTransactions: string[] confirmedTransactions: string[] ENSName?: string openOptions: () => void }
export default function AccountDetails({ toggleWalletModal, pendingTransactions, confirmedTransactions, ENSName, openOptions, }: AccountDetailsProps) { const { chainId, account, connector, library, deactivate } = useActiveWeb3React() const theme = useContext(ThemeContext) const dispatch = useAppDispatch()
function formatConnectorName() { const { ethereum } = window const isMetaMask = !!(ethereum && ethereum.isMetaMask) const name = Object.keys(SUPPORTED_WALLETS) .filter( (k) => SUPPORTED_WALLETS[k].connector === connector && (connector !== injected || isMetaMask === (k === 'METAMASK')) ) .map((k) => SUPPORTED_WALLETS[k].name)[0] return (
Connected with {name}
)
}
function getStatusIcon() { if (connector === injected) { return (
)
} else if (connector === walletconnect) {
return (
<img src={WalletConnectIcon} alt={'WalletConnect logo'} />
)
} else if (connector === walletlink) {
return (
<img src={CoinbaseWalletIcon} alt={'Coinbase Wallet logo'} />
)
} else if (connector === fortmatic) {
return (
<img src={FortmaticIcon} alt={'Fortmatic logo'} />
)
} else if (connector === portis) {
return (
<>
<img src={PortisIcon} alt={'Portis logo'} />
<MainWalletAction
onClick={() => {
portis.portis.showPortis()
}}
>
Show Portis
</>
)
}
return null
}
const clearAllTransactionsCallback = useCallback(() => { if (chainId) dispatch(clearAllTransactions({ chainId })) }, [dispatch, chainId])
return ( <>
Account
{formatConnectorName()}
{library?.provider && connector && (
<WalletAction
style={{ marginRight: '8px' }}
onClick={() => {
console.log(connector);
if (connector === injected) {
deactivate();
} else {
(connector as any).close();
}
}}
>
Disconnect
)}
<WalletAction
style={{ fontSize: '.825rem', fontWeight: 400 }}
onClick={() => {
openOptions()
}}
>
Change
{ENSName ? (
<>
{getStatusIcon()}
</>
) : (
<>
{getStatusIcon()}
</>
)}
{ENSName ? (
<>
{account && (
<span style={{ marginLeft: '4px' }}>
Copy Address
)}
{chainId && account && (
<AddressLink
hasENS={!!ENSName}
isENS={true}
href={getExplorerLink(chainId, ENSName, ExplorerDataType.ADDRESS)}
>
<span style={{ marginLeft: '4px' }}>
View on Explorer
)}
</>
) : (
<>
{account && (
<span style={{ marginLeft: '4px' }}>
Copy Address
)}
{chainId && account && (
<AddressLink
hasENS={!!ENSName}
isENS={false}
href={getExplorerLink(chainId, account, ExplorerDataType.ADDRESS)}
>
<span style={{ marginLeft: '4px' }}>
View on Explorer
)}
</>
)}
{!!pendingTransactions.length || !!confirmedTransactions.length ? (
<AutoRow mb={'1rem'} style={{ justifyContent: 'space-between' }}>
Recent Transactions
</TYPE.body>
(clear all)
{renderTransactions(pendingTransactions)}
{renderTransactions(confirmedTransactions)}
) : (
Your transactions will appear here...
</TYPE.body>
)}
</>
)
}
{ENSName}
{account && shortenAddress(account)}
Insecure handling of user input: The code uses the toCopy prop passed to the Copy component without any validation or sanitization.
Insecure handling of external links: The code uses the ExternalLink component to render links to external explorers.
Unhandled errors: The code does not handle any errors that may occur during the copy operation or when interacting with the wallet connectors.
Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components , react-feather , and @lingui/macro
Accessibility concerns: The code does not provide accessible labels for screen readers for certain elements
import { CheckCircle, Triangle } from 'react-feather' import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink'
import { ExternalLink } from '../../theme' import Loader from '../Loader' import { RowFixed } from '../Row' import styled from 'styled-components/macro' import { useActiveWeb3React } from '../../hooks/web3' import { useAllTransactions } from '../../state/transactions/hooks'
const TransactionWrapper = styled.div``
const TransactionStatusText = styled.div
margin-right: 0.5rem; display: flex; align-items: center; :hover { text-decoration: underline; }
const TransactionState = styled(ExternalLink)<{ pending: boolean; success?: boolean }>
display: flex; justify-content: space-between; align-items: center; text-decoration: none !important; border-radius: 0.5rem; padding: 0.25rem 0rem; font-weight: 500; font-size: 0.825rem; color: ${({ theme }) => theme.primary1};
const IconWrapper = styled.div<{ pending: boolean; success?: boolean }>
color: ${({ pending, success, theme }) => (pending ? theme.primary1 : success ? theme.green1 : theme.red1)};
export default function Transaction({ hash, style = {} }: { hash: string, style?: any }) { const { chainId } = useActiveWeb3React() const allTransactions = useAllTransactions()
const tx = allTransactions?.[hash] const summary = tx?.summary const pending = !tx?.receipt const success = !pending && tx && (tx.receipt?.status === 1 || typeof tx.receipt?.status === 'undefined')
if (!chainId) return null
return (
<TransactionState
href={getExplorerLink(chainId, hash, ExplorerDataType.TRANSACTION)}
pending={pending}
success={success}
>
{summary ?? hash} ↗
{pending ? : success ? : }
)
}
Unused imports: The code imports several dependencies, such as injected , portis , walletconnect , and walletlink
Insecure handling of user input: The hash prop is used directly in the getExplorerLink function
Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.
Unused imports: The code imports the CheckCircle and Triangle components from react-feather.
Dependency vulnerabilities: It is important to ensure that all dependencies,
Accessibility concerns: The code does not provide an accessible label for screen readers for the transaction status text.
Use of style prop: The code accepts a style prop to apply additional styles to the TransactionWrapper component.
import { ExplorerDataType, getExplorerLink } from '../../utils/getExplorerLink' import { ExternalLink, TYPE } from '../../theme' import { ReactNode, useCallback, useContext, useState } from 'react' import { Trans, t } from '@lingui/macro' import styled, { ThemeContext } from 'styled-components/macro'
import { AutoColumn } from '../Column' import { RowBetween } from '../Row' import Select from 'react-select' import { useActiveWeb3React } from '../../hooks/web3' import { useAddressManager } from 'components/AddressManager' import useENS from '../../hooks/useENS'
const SelectItem = styled(Select)
color:#222 !important; z-index: 1000; >
const InputPanel = styled.div
${({ theme }) => theme.flexColumnNoWrap} position: relative; border-radius: 1.25rem; background-color: ${({ theme }) => theme.bg1}; z-index: 1; width: 100%;
const ContainerRow = styled.div<{ error: boolean }>
display: flex; justify-content: center; align-items: center; border-radius: 1.25rem; border: 1px solid ${({ error, theme }) => (error ? theme.red1 : theme.bg2)}; transition: border-color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}, color 500ms ${({ error }) => (error ? 'step-end' : 'step-start')}; background-color: ${({ theme }) => theme.bg1};
const InputContainer = styled.div
flex: 1; padding: 1rem;
const Input = styled.input<{ error?: boolean }>` font-size: 1rem; outline: none; border: none; flex: 1 1 auto; width: 0; background-color: ${({ theme }) => theme.bg0}; transition: color 300ms ${({ error }) => (error ? 'step-end' : 'step-start')}; color: ${({ error, theme }) => (error ? theme.red1 : theme.text1)}; overflow: hidden; text-overflow: ellipsis; font-weight: 500; width: 100%; ::placeholder { color: ${({ theme }) => theme.text4}; } padding: 5px; -webkit-appearance: textfield;
::-webkit-search-decoration { -webkit-appearance: none; }
::-webkit-outer-spin-button, ::-webkit-inner-spin-button { -webkit-appearance: none; }
::placeholder { color: ${({ theme }) => theme.text4}; } `
export default function AddressInputPanel({ id, className = 'recipient-address-input', label, placeholder, value, onChange, }: { id?: string className?: string label?: ReactNode placeholder?: string // the typed string value value: string // triggers whenever the typed value changes onChange: (value: string) => void }) { const { chainId } = useActiveWeb3React() const theme = useContext(ThemeContext)
const { address, loading, name } = useENS(value)
const handleInput = useCallback( (event) => { const input = event.target.value const withoutSpaces = input.replace(/\s+/g, '') onChange(withoutSpaces) }, [onChange] )
const error = Boolean(value?.length > 0 && !loading && !address)
const [addresses,] = useAddressManager() const [useManual, setUseManual] = useState(false) function styleFn(provided: any, state: any) { return { ...provided, color: theme.text1, background: theme.bg0 }; } const styles = { singleValue: { color: theme.text1, background: theme.bg0 } }
return (
{label ?? Recipient }
{addresses.length > 0 &&
<TYPE.link onClick={() => {
setUseManual(!useManual)
}}>{useManual ? 'Switch to Select' : 'Switch to Input'}</TYPE.link>
}
</TYPE.black>
{address && chainId && ( <ExternalLink href={getExplorerLink(chainId, name ?? address, ExplorerDataType.ADDRESS)} style={{ fontSize: '14px' }} >(View on Explorer)
)}
{Boolean(addresses.length == 0 || useManual) && <Input
className={className}
type="text"
autoComplete="off"
autoCorrect="off"
autoCapitalize="off"
spellCheck="false"
placeholder={placeholder ?? t
Wallet Address or ENS name
} error={error} pattern="^(0x[a-fA-F0-9]{40})$" onChange={handleInput} value={value} />}{Boolean(addresses.length > 0 && !useManual) && ( <SelectItem theme={theme} options={addresses} onChange={(e: any) => onChange(e.value as any)} value={addresses.find((item) => item.value?.toLowerCase() === value?.toLowerCase())} /> )} ) }
Insecure handling of user input: The value prop is used directly in the useENS hook without any validation or sanitization.
Insecure handling of external links: The code uses the ExternalLink component to render a link to an external explorer.
Potential XSS vulnerability: The label prop is rendered as a ReactNode without any sanitization.
Insecure handling of select options: The addresses prop used in the SelectItem component is assumed to be safe.
Dependency vulnerabilities: It is important to ensure that all dependencies, such as styled-components and react-select , are up to date to mitigate any known vulnerabilities.
Accessibility concerns: The code does not provide accessible labels for screen readers for the input field and select component. Adding appropriate aria-label attributes can improve accessibility.
Potential performance issue: The code uses the useCallback hook without specifying any dependencies.
Unused variables: The styles variable is defined but not used in the component.