feat: add malicious deeplinks, bypasses and reorg (#328)
* Add malicious deeplinks, bypasses and reorg

* clean-up

* reorg list buttons
seaona authored Apr 25, 2024
1 parent 80c19c1 commit fd76621
Showing 2 changed files with 206 additions and 101 deletions.
110 changes: 81 additions & 29 deletions src/index.html
Expand Up @@ -814,8 +814,10 @@ <h4 class="card-title">
<div class="card full-width">
<div class="card-body">
<h4 class="card-title">
PPOM
PPOM - Malicious Transactions and Signatures
</h4>
<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousRawEthButton"
Expand All @@ -834,6 +836,7 @@ <h4 class="card-title">
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousERC20TransferButton"
disabled
title="This will only be flagged if you have some ERC20 balance"
>
Malicious ERC20 Transfer (USDC)
</button>
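Review bot: the precondition on `maliciousERC20TransferButton` is carried only by the `title` attribute, which does not show on touch devices and is easy to miss on desktop. The card's own rule, added just above under the title, says an unflagged transaction means we are vulnerable, so a tester with no ERC20 balance will read the expected no-flag result as a failure. Suggest stating the condition in visible text, either in the button label or in a short `<p>` next to the button.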
Expand All @@ -851,6 +854,7 @@ <h4 class="card-title">
>
Malicious Set Approval For All
</button>
<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousPermit"
Expand Down Expand Up @@ -881,31 +885,27 @@ <h4 class="card-title">
<div class="card full-width">
<div class="card-body">
<h4>
Batch of 10 Malicious Transactions
PPOM - Malicious Batching and Queueing
</h4>

<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendEIP1559Batch"
disabled
>
Send Eth Malicious x10 Batch
</button>
<h4>
Queue of 10 Malicious Transactions
</h4>


<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendEIP1559Queue"
disabled
>
Send Eth Malicious x10 Queue
</button>
<h4>
Batch of 10 Malicious Signatures
</h4>

<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Batch"
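Review bot: the renamed heading in this card is a bare `<h4>`, while the first PPOM card uses `<h4 class="card-title">`. Now that the PPOM cards are named as a set ("PPOM - ..."), give this heading the same class so the cards render consistently; the same applies to the `<h4>` of the new Warning Bypasses card.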
Expand All @@ -914,16 +914,84 @@ <h4>
Sign Malicious x10 Batch
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Queue"
disabled
>
Sign Malicious x10 Queue
</button>
<hr />
<h4>PPOM - Malicious Deeplinks</h4>
<a
id="maliciousSendEthWithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious Eth Transfer With Deeplink
</button>
</a>
<a
id="maliciousTransferERC20WithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious ERC20 Transfer With Deeplink
</button>
</a>
<a
id="maliciousApproveERC20WithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious ERC20 Approval With Deeplink
</button>
</a>
</div>
</div>
</div>
<div
class="col-xl-4 col-lg-6 col-md-12 col-sm-12 col-12 d-flex align-items-stretch"
>
<div class="card full-width">
<div class="card-body">
<h4>
Queue of 10 Malicious Signatures
PPOM - Malicious Warning Bypasses
</h4>
<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousSendWithOddHexData"
disabled
>
Malicious Eth Transfer With Odd Hex Data
</button>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousApproveERC20WithOddHexData"
disabled
>
Malicious ERC20 Approval With Odd Hex Data
</button>
<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousPermitHexPaddedChain"
disabled
>
Malicious Permit with Padded chainId
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Queue"
id="maliciousPermitIntAddress"
disabled
>
Sign Malicious x10 Queue
Malicious Permit with Integer Address
</button>
</div>
</div>
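Review bot: in the new Malicious Deeplinks block each `<button>` is nested inside an `<a>`, which is not valid HTML (interactive content is not allowed inside an anchor), and click handling for that nesting differs between browsers. The anchors also carry no `href` in the markup, and unlike the other controls on this card nothing marks them as inactive until one is assigned, so a tap before the script has run does nothing without any indication. Suggest dropping the inner button and styling the anchor itself, e.g. `<a id="maliciousSendEthWithDeeplink" class="btn btn-warning btn-lg btn-block mb-3 text-dark">`, and making it explicit where the `href` comes from.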
Expand Down Expand Up @@ -1350,22 +1418,6 @@ <h4>
Invalid Transaction Type (not supported)
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendWithOddHexData"
disabled
>
Send with Odd Hex Data
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="approveERC20WithOddHexData"
disabled
>
Approve ERC20 with Odd Hex Data
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendWithInvalidRecipient"
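Review bot: the ids `sendWithOddHexData` and `approveERC20WithOddHexData` are removed here and return in the Warning Bypasses card as `maliciousSendWithOddHexData` and `maliciousApproveERC20WithOddHexData`, so every script lookup, click handler and enable/disable list that used the old names has to change in the same commit, otherwise the new buttons stay `disabled` with no handler attached. Please confirm the second changed file covers both renames, and mention the rename in the commit message, since anything that selects these buttons by id will stop finding them.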

0 comments on commit fd76621
