cotitech
commented
4 years ago @Geordie-R Thanks. We are adding 'onTouch' for all copy buttons.
Open Geordie-R opened 4 years ago
cotitech
commented
4 years ago @Geordie-R Thanks. We are adding 'onTouch' for all copy buttons.
Heres my scenario of how serious this issue can be.
Im logging in to my coti wallet on chrome browser on latest android mobile, on the testnet. I go to my password manager and click copy on my seed and paste it into the seed section of the wallet. I then pick a server and login.
I'm greeted with my balance as normal and the list of all my addresses with their balances. I'm looking to give someone my address so they can pay me coti so i click on my address which then expands so you can see the full address with the little "Copy" button. I press the little "Copy" button.
So at this stage i now believe the address has copied into my clipboard and im in a rush trying to send a dude my address who owes me money right?
So i go to a private message with the guy and click paste and send.
Now to my horror i realise your copy button FAILED and ive actually sent someone my SEED because your copy button failed to copy the address into my clipboard.
Damn lucky i did this on the testnet.
Note: I will be interested in being put forward for the bug bounty due to the seriousness of how bad this could have been on the mainnet.