oasis-wallet-web

2021-07 audit: top-level issue

Open bennetyee opened this issue 4 years ago • 2 comments

Please mark all issues found during this audit as blocking this one. This issue will not be marked as complete until all blockers are resolved (fixed or deferred, etc.).

bennetyee, Jul 12 '21 21:07

Things to look for:

  • identify potential attack surfaces -- e.g., user input (can users attack anything other than their own account?), unauthenticated JS loading, server auth / MITM potentials (web proxy to futz with messages); not all are necessarily valid
  • input validation -- data types, value ranges, regex matching/filtering, XSS, SQLi, etc.; how are errors handled/reported?
  • unexpected event ordering / state transitions -- what are the sources of events? is event-order validation needed?

(please edit to add general pointers/topics).

bennetyee, Jul 19 '21 17:07

As far as I can tell, all issues marked as blocking this one have been closed. So can we close this one, too?

csillag, Sep 21 '22 12:09