
DApp wallet security flaw grants smart contracts complete fund access

By Arnold Kirimi

Crypto wallet firm ZenGo has set up a testnet to demonstrate a common DApp wallet security flaw. According to an article the firm published on March 23, the flaw grants full access to the tokens the user holds in the wallet.

 

According to ZenGo, almost all DApps exhibit this weakness, which leads users to unknowingly grant DApp smart contracts full control over their assets. To demonstrate it, the firm has created a public testnet featuring a “rogue” token-exchange decentralized app called baDAPProve:

 

“As a result, if the DApp is vulnerable to a security issue or is rogue to begin with, attackers can abuse these highly excessive privileges to steal ALL of the DApp’s users holdings (in the approved tokens) without any further user consent. They can do so at any point in the future, even if the user no longer uses the DApp.”

DApp wallet security flaw demonstrated

When a DApp wallet user approves a specific amount of FTR tokens on the system, baDAPProve drains all the FTR tokens in the user’s wallet. The demo highlights the threat posed by this weakness in the wallets.

 

At the moment, ZenGo is developing a solution to this security threat. The flaw was discovered some years ago, but ZenGo believes developers are not raising enough awareness of the dangers it poses.

 

The wallet provider named Opera, imToken and Trust Wallet among the wallet providers that are hesitant to warn users about the security flaw. Trust Wallet revealed it would revamp its network following a consultation by ZenGo.

Coinbase among firms that caution users

Furthermore, ZenGo found that the Brave and MetaMask wallets both offer users advanced settings that limit the amount DApps can access. Coinbase, on the other hand, warns users in advance about the danger posed by the security flaw.
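The check a wallet can run before the user signs an approval, covering both the baDAPProve behaviour and the amount-limiting setting described above. This is an added example, not code from ZenGo or any wallet named here. It assumes the approval is an ERC-20 `approve(spender, amount)` call, which the article does not name; the function names, address and amounts are constructed.

```javascript
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Decode approve(address spender, uint256 amount) calldata; null if it is not one.
function decodeApprove(calldata) {
  const hex = calldata.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]*$/.test(hex) || hex.length !== 8 + 64 + 64) return null;
  if (hex.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = hex.slice(8, 72);
  // An address is 20 bytes, left-padded with 12 zero bytes inside its 32-byte word.
  if (!/^0{24}/.test(spenderWord)) return null;
  return {
    spender: "0x" + spenderWord.slice(24),
    amount: BigInt("0x" + hex.slice(72, 136)),
  };
}

// Compare the allowance the DApp requests with what the user intends to spend.
function reviewApproval(calldata, intendedAmount, walletBalance) {
  const req = decodeApprove(calldata);
  if (req === null) return { verdict: "not-an-approve" };
  if (req.amount === MAX_UINT256) return { verdict: "unlimited", ...req };
  if (req.amount > walletBalance) return { verdict: "exceeds-balance", ...req };
  if (req.amount > intendedAmount) return { verdict: "exceeds-intent", ...req };
  return { verdict: "ok", ...req };
}

// Calldata a wallet could propose instead: allowance capped at the intended amount.
function cappedApproveCalldata(spender, intendedAmount) {
  const addr = spender.toLowerCase().replace(/^0x/, "").padStart(64, "0");
  return "0x" + APPROVE_SELECTOR + addr + intendedAmount.toString(16).padStart(64, "0");
}

// Constructed sample: the user wants to swap 10 tokens (18 decimals) and holds 500,
// while the DApp's transaction requests the maximum uint256 allowance.
const SPENDER = "0x" + "ab".repeat(20); // constructed placeholder address
const TEN = 10n * 10n ** 18n;
const BALANCE = 500n * 10n ** 18n;
const unlimitedRequest =
  "0x" + APPROVE_SELECTOR + SPENDER.slice(2).padStart(64, "0") + "f".repeat(64);

console.log(reviewApproval(unlimitedRequest, TEN, BALANCE).verdict);
console.log(reviewApproval(cappedApproveCalldata(SPENDER, TEN), TEN, BALANCE).verdict);
```

Any verdict other than `ok` is the point at which a wallet should show the decoded spender and amount and offer the capped calldata instead.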

 
