This repository has been archived by the owner on Oct 10, 2024. It is now read-only.
Update if you use or plan to use XSWD!
This fixes a vulnerability with the wallet when connecting with XSWD.
Thanks to SixofClubs for finding & providing a detailed explanation of the attack vector.
P.S The reason I didn't fix the issue, when it was announce, is because I though It was already handled in the wallet. I had special branches to always force transfer/scinvoke for a confirmation modal. Turns out the function that makes this check doesn't get call at the protocol level when a dApp sets the permissions in advance. This was an oversight from my part.