[Bug]: Display Hex Data #22726

Closed
VijiHithub opened this issue Jan 30, 2024 · 6 comments
Labels
external-contributor regression-prod-11.7.3 Sev3-low Low severity; minimal to no impact upon users team-confirmations-planning (only for internal use within Confirmations team) team-extension-ux DEPRECATED: please use "team-wallet-ux" label instead type-bug

Comments

@VijiHithub

VijiHithub commented Jan 30, 2024

Describe the bug

Dear Team,

I hope you are having a good day!

We have discovered a significant vulnerability on our website. Our website incorporates smart contract functionality and utilizes the MetaMask extension to connect users with the smart contract for transactions. Specifically, we have developed smart contracts for the claim and withdraw processes. When users click on the claim or withdraw request, we prompt them to enable MetaMask connectivity on our website. Once MetaMask is enabled, users can initiate the claim or withdraw process. During this process, the MetaMask extension asks for confirmation or rejection on the first tab, while displaying hex data values on another tab.

We now need to hide the option to display the hex data values. We have already attempted to show/hide this option in the advanced settings section, but it is not working. Unfortunately, some of our users have copied the transaction data from MetaMask and directly used it on the contract (Explorer), resulting in a loss of funds.

We kindly request a solution to this issue as soon as possible. Thank you in advance.

FYR - PFA

[image attachment: screenshot of the MetaMask confirmation with the hex data tab]

Best regards,

Expected behavior

No response

Screenshots/Recordings

No response

Steps to reproduce

  1. Need to hide the hex data section

Error messages or log output

No response

Version

11.7.3

Build type

None

Browser

Chrome, Firefox

Operating system

Windows, MacOS, Linux

Hardware wallet

No response

Additional context

No response

Severity

No response

@ZbrancaI

Hello, @VijiHithub! Thank you for flagging this issue with us! Our team is looking into it!

@ZbrancaI ZbrancaI added the team-extension-ux DEPRECATED: please use "team-wallet-ux" label instead label Jan 30, 2024
@VijiHithub
Author

Hello, @ZbrancaI! Thank you for your prompt response. Can you please provide an estimated timeline for when we can expect a resolution to this issue?

@bschorchit

bschorchit commented Jan 31, 2024

Hey @VijiHithub, I'm not sure we're able to effectively help here. Even if we added a way to hide the hex data in this specific screen (beyond it being in a separate tab), the user could as easily enable the display of hex data again to copy it or obtain the hex data through other means.
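The point above, that calldata shown in the wallet is not a secret and a contract cannot rely on it staying hidden, is easiest to see in the contract itself. The following is an added illustration, not the reporter's contract or any MetaMask code; it assumes a hypothetical claim flow in which each user has an on-chain allocation. The first contract takes the beneficiary and amount from the transaction, so any calldata that reaches the chain (copied from a wallet, read from a block explorer, or simply constructed from the public ABI) pays out whatever it names. The second derives everything from `msg.sender` and stored state, so replaying its calldata from another account yields nothing, regardless of what any wallet displays.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example (hypothetical contracts, not from the issue thread).

/// Pattern that hiding calldata cannot protect: the payout is fully
/// determined by caller-supplied parameters. Calldata is public on-chain,
/// so anyone can submit a claim naming any beneficiary and amount.
contract ClaimTrustingFrontEnd {
    mapping(address => bool) public claimed;

    function claim(address beneficiary, uint256 amount) external {
        // Nothing ties `amount` to anything the contract knows.
        require(!claimed[beneficiary], "already claimed");
        claimed[beneficiary] = true;
        (bool ok, ) = payable(beneficiary).call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}

/// Hardened pattern: authorization and amounts live on-chain. The front end
/// (and the wallet UI) carries no information an attacker could reuse.
contract ClaimEnforcedOnChain {
    address public immutable owner;
    mapping(address => uint256) public allocation;
    mapping(address => bool) public claimed;

    constructor() {
        owner = msg.sender;
    }

    /// Allocations are set by the owner or derived from other on-chain
    /// state (for example staking balances); never from the dapp front end.
    function setAllocation(address user, uint256 amount) external {
        require(msg.sender == owner, "not owner");
        allocation[user] = amount;
    }

    /// Calldata for this call is only the 4-byte selector. Copying it and
    /// sending it from a different account pays that account its own
    /// allocation (usually zero), never someone else's.
    function claim() external {
        uint256 amount = allocation[msg.sender];
        require(amount > 0, "nothing to claim");
        require(!claimed[msg.sender], "already claimed");

        // Checks-effects-interactions: update state before sending value.
        claimed[msg.sender] = true;
        allocation[msg.sender] = 0;

        (bool ok, ) = payable(msg.sender).call{value: amount}("");
        require(ok, "transfer failed");
    }

    receive() external payable {}
}
```

The design choice is that the contract, not the wallet, is the trust boundary: the second contract remains safe even if every byte of every transaction is published, which on a public chain it already is.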

@VijiHithub
Author

@bschorchit I agree with you. Therefore, there is no need to include the show/hide option. If possible, please permanently remove the hex tab as well, as there is no requirement to display the input parameter or implement any encryption methods to prevent its visibility. Alternatively, could you please offer another solution as soon as possible?

@bschorchit

We do have technical users that take advantage of being able to see the hex data information so removing it completely is not something that we would be willing to do.
I'm afraid I don't fully understand your issue to offer a solution. Have you addressed the vulnerability on your side and communicated it to your users so they stop engaging with it?

@gauthierpetetin gauthierpetetin added team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead team-confirmations-planning (only for internal use within Confirmations team) labels Feb 1, 2024
@VijiHithub
Author

@bschorchit I am unable to communicate with users at the moment because some of them are behaving in this manner. Consequently, I am unable to effectively address this issue with all users. If all users were aware of this problem, they might also be susceptible to scams exploiting this vulnerability. As a precautionary measure, I have disabled the withdrawal feature on our website for the past week. Your team is solely responsible for providing the solution as technical individuals can easily exploit this vulnerability on any website, except for my own websites.

@bschorchit bschorchit removed the team-confirmations-secure-ux DEPRECATED: please use "team-confirmations" label instead label Feb 7, 2024
@gauthierpetetin gauthierpetetin added the Sev3-low Low severity; minimal to no impact upon users label Apr 12, 2024
No branches or pull requests

5 participants