ZenGo token vulnerability fix resolves the DeFi dapp vulnerability in some crypto wallets. The loophole gave hackers access to user funds in crypto wallets, including Opera, TrustWallet, and imToken. ZenGo provides a keyless crypto wallet that is unaffected by the said dapp vulnerability.
ZenGo, the famous crypto wallet designer, claims to have solved the rife dapp exploit affecting prominent digital currency wallets. Users who connect Ethereum dapps with crypto wallets are most vulnerable to third-party unauthorised access.
ZenGo token vulnerability fix cures an obvious-yet-ignored loophole
In their official post, ZenGo details how the company resolved a common dapp exploit causing widespread mayhem. The team explains that during a routine transaction, many dapps demand user approval for the specific amount. However, users unknowingly grant the dapp access to the entire holdings in the wallet. This security flaw allows hackers to gain access to the user wallet for nefarious purposes. Maleficent dapps often exploit this loophole to access user funds and drain the wallets.
At the dapp connection stage, the users unknowingly grant complete fund access to the smart contract of the dapp, regardless of the actual amount needed. Even when the user conducts a $1 transaction, his entire funds are exposed to potential exploitation. Maleficent dapps can use this window to steal user funds. What’s more frightening is that users are not intimated by the crypto wallets about such unauthorised transactions.
How ZenGo token vulnerability fix protects your funds
ZenGo named this vulnerability s ‘baDAPProve’. Commonly affected crypto wallets included imToken, Trust Wallet and Opera. Users of these wallets aren’t even aware that their entire token holdings are left wide open during a single transaction. ZenGo demonstrated the loophole via a testnet. All the above mentioned three wallet makers were informed regarding the loophole in their products.
ZenGo token vulnerability fix was first implemented in the company’s signature Compound-based ZenGo Savings feature. The issue has been fixed for other apps as well. The repair gives access to only the amount needed for the particular transaction and not the full token holdings. Even if both transactions are simultaneous, separate user approval is required for both.