feat: add malicious deeplinks, bypasses and reorg #328

Merged
merged 4 commits into from
Apr 25, 2024
Changes from 2 commits
110 changes: 81 additions & 29 deletions src/index.html
Expand Up @@ -814,8 +814,10 @@ <h4 class="card-title">
<div class="card full-width">
<div class="card-body">
<h4 class="card-title">
PPOM
PPOM - Malicious Transactions and Signatures
</h4>
<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousRawEthButton"
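Review bot: The added `<p>` under the card title states the pass criterion as an absolute ("We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious"), and the same sentence is pasted verbatim into two more cards later in this diff. Keep one wording that can be updated in a single place, and say where the tester should expect to see the flag so that "not flagged" is unambiguous when someone records a result.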
Expand All @@ -834,6 +836,7 @@ <h4 class="card-title">
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousERC20TransferButton"
disabled
title="This will only be flagged if you have some ERC20 balance"
>
Malicious ERC20 Transfer (USDC)
</button>
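Review bot: The precondition added as `title="This will only be flagged if you have some ERC20 balance"` is only reachable as a hover tooltip on a button that is `disabled` at load, and hover tooltips are not available on touch devices, which matters because this page also carries "(Mobile)" test cases. A tester with no ERC20 balance who never sees the tooltip will record an unflagged transfer as a detection failure, which is what the card's "vulnerable if ... not flagged" sentence tells them to do. Put the caveat in visible text next to the button or in the button label.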
Expand All @@ -851,6 +854,7 @@ <h4 class="card-title">
>
Malicious Set Approval For All
</button>
<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousPermit"
Expand Down Expand Up @@ -881,31 +885,27 @@ <h4 class="card-title">
<div class="card full-width">
<div class="card-body">
<h4>
Batch of 10 Malicious Transactions
PPOM - Malicious Batching and Queueing
</h4>

<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendEIP1559Batch"
disabled
>
Send Eth Malicious x10 Batch
</button>
<h4>
Queue of 10 Malicious Transactions
</h4>


<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendEIP1559Queue"
disabled
>
Send Eth Malicious x10 Queue
</button>
<h4>
Batch of 10 Malicious Signatures
</h4>

<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Batch"
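Review bot: With the per-section `<h4>` headings removed, the only stated pass criterion for the x10 cases is the added `<p>`, and it does not say that every one of the ten requests has to be flagged. For `sendEIP1559Batch`, `sendEIP1559Queue` and the two `signTypedDataV4` buttons, spell out that all 10 confirmations must show the warning, so a tester does not stop after the first flagged one.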
Expand All @@ -914,16 +914,84 @@ <h4>
Sign Malicious x10 Batch
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Queue"
disabled
>
Sign Malicious x10 Queue
</button>
<hr />
<h4>PPOM - Malicious Deeplinks</h4>
<a
id="maliciousSendEthWithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious Eth Transfer With Deeplink
</button>
</a>
<a
id="maliciousTransferERC20WithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious ERC20 Transfer With Deeplink
</button>
</a>
<a
id="maliciousApproveERC20WithDeeplink"
>
<button
class="btn btn-warning btn-lg btn-block mb-3 text-dark"
>
(Mobile) Malicious ERC20 Approval With Deeplink
</button>
</a>
</div>
</div>
</div>
<div
class="col-xl-4 col-lg-6 col-md-12 col-sm-12 col-12 d-flex align-items-stretch"
>
<div class="card full-width">
<div class="card-body">
<h4>
Queue of 10 Malicious Signatures
PPOM - Malicious Warning Bypasses
</h4>
<p>We know we are vulnerable if any of these Transactions/Signatures are not flagged as Malicious</p>
<h5>Transactions</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousSendWithOddHexData"
disabled
>
Malicious Eth Transfer With Odd Hex Data
</button>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousApproveERC20WithOddHexData"
disabled
>
Malicious ERC20 Approval With Odd Hex Data
</button>
<h5>Signatures</h5>
<button
class="btn btn-primary btn-lg btn-block mb-3"
id="maliciousPermitHexPaddedChain"
disabled
>
Malicious Permit with Padded chainId
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="signTypedDataV4Queue"
id="maliciousPermitIntAddress"
disabled
>
Sign Malicious x10 Queue
Malicious Permit with Integer Address
</button>
</div>
</div>
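Review bot: Each deeplink entry nests a `<button>` inside an `<a>` (`<a id="maliciousSendEthWithDeeplink">` and the two after it), which is invalid HTML because an anchor may not contain interactive content, so click handling is not guaranteed to be consistent across browsers. Style the anchor itself instead, for example `<a id="maliciousSendEthWithDeeplink" class="btn btn-warning btn-lg btn-block mb-3 text-dark" role="button">`. The anchors also carry no `href` in the markup and, unlike every other button in this hunk, nothing is `disabled`, so if the link target is set from script make sure the entries are visibly inert until it is. The Deeplinks block sits inside the Batching and Queueing card after the `<hr />` and has no pass-criterion sentence of its own; a separate card, like the Warning Bypasses one, would match the rest of the reorg.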
Expand Down Expand Up @@ -1350,22 +1418,6 @@ <h4>
Invalid Transaction Type (not supported)
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendWithOddHexData"
disabled
>
Send with Odd Hex Data
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="approveERC20WithOddHexData"
disabled
>
Approve ERC20 with Odd Hex Data
</button>

<button
class="btn btn-primary btn-lg btn-block mb-3"
id="sendWithInvalidRecipient"
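Review bot: The two buttons removed here are not simply moved: their ids change from `sendWithOddHexData` and `approveERC20WithOddHexData` to `maliciousSendWithOddHexData` and `maliciousApproveERC20WithOddHexData` in the new Warning Bypasses card. Only `src/index.html` is visible in this diff, so confirm that the script which wires up and enables these buttons, and any e2e selectors, use the new ids; otherwise the new buttons stay `disabled`. If the old buttons sent a non-malicious payload with odd-length hex data, note in the PR description that this case is no longer covered.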