Currently, when we do crypto transactions on the frontend, we don't validate their hashes on the API to check that the transaction actually took place and has correct data. What we do is just toggle a boolean/string status to store whether the user did the transaction; no actual transaction validation occurs on the API. For this reason the system is vulnerable: someone could use the CLI to directly call the API and toggle the status without actually doing a transaction.
To fix this, the idea is that the user will send the transaction hash to the API. The API will then check the transaction on chain, verify metadata and other info, and only if correct allow the relevant API call to work.
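One way the API-side check described in this issue could look, as an added example that is not the project's code. The record shape, field names, hash format and confirmation threshold are assumptions, and `tx` stands for whatever the API itself fetched from its own node or indexer for the submitted hash.

```javascript
// Added example: server-side validation of a client-submitted transaction hash.
// Assumptions: 32-byte hex hashes, integer amounts in the chain's smallest unit,
// and an `orderId` metadata field written by the frontend when it builds the tx.
const MIN_CONFIRMATIONS = 3; // assumed policy value

// order:      server-side record created before payment { id, payTo, amount }
// txHash:     the only value taken from the client
// tx:         result of the API's own chain lookup for txHash, or null if unknown
// usedHashes: Set of hashes already redeemed (a unique DB column in production)
function verifyPayment(order, txHash, tx, usedHashes) {
  const fail = (reason) => ({ ok: false, reason });
  if (typeof txHash !== "string" || !/^(0x)?[0-9a-fA-F]{64}$/.test(txHash)) {
    return fail("malformed hash");
  }
  const hash = txHash.toLowerCase();
  // One transaction may unlock one order only, otherwise a single real
  // payment could be replayed against many API calls.
  if (usedHashes.has(hash)) return fail("hash already redeemed");
  if (!tx || String(tx.hash).toLowerCase() !== hash) return fail("not found on chain");
  if (tx.confirmations < MIN_CONFIRMATIONS) return fail("not enough confirmations");
  // Metadata binds the payment to this order, so someone else's transaction
  // to the same address cannot be claimed.
  if (!tx.metadata || tx.metadata.orderId !== order.id) return fail("metadata mismatch");
  // Sum only the outputs that pay the expected address; change outputs are ignored.
  const paid = tx.outputs
    .filter((o) => o.address === order.payTo)
    .reduce((sum, o) => sum + BigInt(o.amount), 0n);
  if (paid < BigInt(order.amount)) return fail("amount too low");
  usedHashes.add(hash);
  return { ok: true, reason: "verified" };
}

// Constructed sample data, not taken from any real chain.
const SAMPLE_HASH = "ab".repeat(32);
const sampleOrder = { id: "order-42", payTo: "addr_test_merchant", amount: "5000000" };
const sampleTx = {
  hash: SAMPLE_HASH,
  confirmations: 6,
  outputs: [
    { address: "addr_test_merchant", amount: "5000000" },
    { address: "addr_test_change", amount: "1200000" },
  ],
  metadata: { orderId: "order-42" },
};
```

The status flag is then set by the API only when `ok` is true, never from a value the client sends.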