Background
As the TON ecosystem has grown, so have the Web3 phishing groups targeting it. The TON ecosystem currently relies on the TonConnect SDK for cross-platform and cross-application wallet connections and interactions. A recurring challenge with solutions of this kind is verifying the requesting domain when the DApp and the wallet are not running in the same browser context.
Typically, to help users verify the source when connecting their wallet to a DApp or confirming a signature request, wallets display the domain of the origin on the approval page. This allows users to verify and confirm that the request’s source matches the expected origin, thereby preventing fraudulent signature requests from malicious sources.
The SlowMist security team has previously identified security issues related to domain verification in cross-platform or cross-application communications involving wallets and DApps. We discussed and communicated these issues with the teams behind MetaMask SDK and WalletConnect Web3Modal and found that this problem is difficult to resolve. As a result, MetaMask and WalletConnect have not yet fully addressed this issue.
Recently, we discovered that the TonConnect SDK in the TON ecosystem also faces similar challenges. We’re here to disclose this information to help users recognize and mitigate these risks.
Analysis
When a browser extension wallet interacts with a DApp, it typically injects a JavaScript content script into the web page to relay messages between the page and the extension. The page and the content script communicate with `window.postMessage` and `window.addEventListener('message', ...)`. In the message listener, the wallet can act on `event.origin` before doing anything else: display it on the approval page of the extension, check it against a blocklist, or use it to authenticate the request. Because the browser fills in `event.origin` from the sending document, the page cannot choose it, so in this scenario the origin cannot be forged.
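The following is an added example, not code from the SlowMist post, TonConnect, or any wallet: a content-script style message handler whose trust decisions depend only on the browser-assigned `event.origin`. The policy shape, the method names, and the sample events are constructed for illustration; `ownWindow` stands in for the content script's own `window`.

```javascript
// Added example (not code from the SlowMist post, TonConnect, or any wallet): a
// content-script message handler that trusts only the browser-assigned
// event.origin. Policy shape, method names and sample events are constructed.

const POLICY = {
  blocklist: new Set(["https://evil.example"]),
  // Assumption: these methods open an approval screen that shows the origin.
  approvalMethods: new Set(["ton_connect", "ton_sendTransaction"]),
};

// In a real extension this would be wired as
//   window.addEventListener("message", e => handleDappMessage(e, POLICY, window));
// `ownWindow` is passed explicitly here so the function runs outside a browser.
function handleDappMessage(event, policy, ownWindow) {
  const msg = event.data;
  // Only messages posted by the page this script is injected into, and only
  // those addressed to the wallet's channel, are considered at all.
  if (event.source !== ownWindow) return { action: "ignore", reason: "foreign source" };
  if (!msg || msg.target !== "wallet-content-script") return { action: "ignore", reason: "not for us" };

  // event.origin is set by the browser from the sending document's origin; the
  // page cannot pick it. Everything inside event.data, including a field that
  // happens to be called "origin", is attacker-controlled and must never be
  // what the approval page displays.
  const origin = event.origin;

  if (policy.blocklist.has(origin)) {
    return { action: "reject", origin, reason: "origin is blocklisted" };
  }

  return {
    action: "forward",
    method: msg.method,
    params: msg.params,
    // The approval page renders this value, never msg.origin.
    displayOrigin: origin,
    // Worth logging: the page is claiming to be somewhere it is not.
    selfDeclaredMismatch: typeof msg.origin === "string" && msg.origin !== origin,
    needsApproval: policy.approvalMethods.has(msg.method),
  };
}

// Constructed samples. A page on attacker.example claims to be ton.org inside
// the payload, but the browser reports the real origin.
const pageWindow = {};
const forgedClaim = {
  source: pageWindow,
  origin: "https://attacker.example",
  data: {
    target: "wallet-content-script",
    method: "ton_sendTransaction",
    origin: "https://ton.org",
    params: [{ amount: "1000000000" }],
  },
};
const blocked = { ...forgedClaim, origin: "https://evil.example" };
const notForUs = { source: pageWindow, origin: "https://ton.org", data: { target: "analytics" } };
```

The mismatch flag is informational only; the decisive point is that the origin shown to the user is taken from the event, so a page can lie in its payload without changing what the approval screen displays.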
However, in cross-platform or cross-application communication, messages are relayed through a message forwarding server. The server has no browser-supplied origin to rely on; whatever the client says about itself can be spoofed, so the originating domain of a message cannot be verified and can be forged. Two such scenarios are:
1. Browser web page <=> Message forwarding server <=> Wallet app
2. Other apps <=> Message forwarding server <=> Wallet app
Take the TonConnect SDK as an example: a DApp uses the SDK to exchange messages with the wallet. When integrating the SDK, the DApp must configure `dappMetadata`, which points at its `tonconnect-manifest.json`. The wallet fetches that manifest and uses the identity it declares, but nothing in the manifest can be verified against the page that presented the connection request, so a malicious DApp can fill it in to impersonate a trusted website and deceive users.
// The connector only needs the manifest URL; the wallet fetches this manifest
// and displays the DApp identity it declares.
import { TonConnect } from '@tonconnect/sdk';

const dappMetadata = {
    manifestUrl: 'https://x.x.x/tonconnect-manifest.json',
};

export const connector = new TonConnect(dappMetadata);
By serving the following tonconnect-manifest.json at that manifestUrl, the DApp presents itself to the wallet as ton.org:
{
"url": "https://ton.org",
"name": "Fake and evil DApp",
"iconUrl": "https://ton-connect.github.io/demo-dapp/apple-touch-icon.png",
"termsOfUseUrl": "https://ton-connect.github.io/demo-dapp/terms-of-use.txt",
"privacyPolicyUrl": "https://ton-connect.github.io/demo-dapp/privacy-policy.txt"
}
Deploying the code above and scanning the resulting QR code with a wallet app yields the proof-of-concept (PoC): the wallet presents the connection request as coming from ton.org.
Unlike SDKs that relay everything through a message forwarding server, the TonConnect SDK carries the manifestUrl to the wallet application inside the QR code (or connection link). The wallet fetches and parses the manifest at that URL and trusts the `url` field it finds there; nothing binds that field to the host that actually serves the manifest or to the page that displayed the QR code. We found that this makes it trivial to impersonate the origin of any DApp while communicating with the wallet, so an attacker can pose as a well-known DApp to carry out phishing and fraud.
After a successful connection, the forged DApp can initiate a signature request through TonConnect. Once the user confirms, the wallet broadcasts the signed data to the blockchain. Because the displayed origin is forged, users have no reliable way to tell where the connection and the signature request really came from.
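The consistency check a wallet could apply to a TonConnect manifest, as an added example that is not code from TonConnect, the SlowMist post, or any wallet. It assumes the documented link layout `tc://?v=2&id=<hex session id>&r=<url-encoded ConnectRequest JSON>`, replaces the network fetch with a lookup in an in-memory table, and uses constructed hosts (`attacker.example`, `demo.example`) and an all-zero placeholder session id. The forged manifest is the one from the post, hosted on the attacker's own domain, which is the case this check catches.

```javascript
// Added example (not code from TonConnect, the SlowMist post, or any wallet):
// a wallet-side check that the domain a manifest declares matches the domain
// that actually serves it. Link layout, hosts, manifests and the session id
// are assumptions/constructed values for this illustration.

// Assumption: manifests the wallet would fetch, keyed by manifestUrl.
const HOSTED = {
  // The forged manifest from the post, served from the attacker's host.
  "https://attacker.example/tonconnect-manifest.json": JSON.stringify({
    url: "https://ton.org",
    name: "Fake and evil DApp",
    iconUrl: "https://ton-connect.github.io/demo-dapp/apple-touch-icon.png",
  }),
  // A manifest whose declared url matches where it is hosted.
  "https://demo.example/tonconnect-manifest.json": JSON.stringify({
    url: "https://demo.example",
    name: "Honest DApp",
    iconUrl: "https://demo.example/icon.png",
  }),
};
const lookupHosted = (url) => HOSTED[url] ?? null;

// Assumption: ConnectRequest JSON is carried url-encoded in the `r` parameter.
function parseConnectLink(link) {
  const params = new URLSearchParams(link.slice(link.indexOf("?") + 1));
  const r = params.get("r");
  if (params.get("v") !== "2" || !r) throw new Error("unsupported TonConnect link");
  const req = JSON.parse(r); // URLSearchParams already url-decoded it
  return { sessionId: params.get("id"), manifestUrl: req.manifestUrl, items: req.items };
}

// Compares the origin the manifest claims with the origin it was fetched from.
// An exact host match is the strict choice; a wallet might relax this to
// subdomains of the serving host, but never to an unrelated host.
function checkManifest(manifestUrl, manifestJson) {
  const manifest = JSON.parse(manifestJson);
  const served = new URL(manifestUrl);
  const findings = [];
  let declared;
  try {
    declared = new URL(manifest.url);
  } catch {
    return { ok: false, findings: ["manifest.url is not a valid URL"], displayDomain: served.host };
  }
  if (declared.protocol !== "https:") findings.push("manifest.url is not https");
  if (declared.host !== served.host) {
    findings.push(`manifest declares ${declared.host} but is served from ${served.host}`);
  }
  if (typeof manifest.name !== "string" || manifest.name.length === 0) findings.push("manifest has no name");
  return {
    ok: findings.length === 0,
    findings,
    name: manifest.name,
    declaredDomain: declared.host,
    // What the approval screen should show: where the manifest really came from.
    displayDomain: served.host,
  };
}

// End-to-end: link -> manifestUrl -> fetched manifest -> verdict.
function evaluateConnectLink(link, fetchManifest) {
  const { manifestUrl, items } = parseConnectLink(link);
  const body = fetchManifest(manifestUrl);
  if (body == null) return { ok: false, findings: ["manifest could not be fetched"], manifestUrl };
  return { ...checkManifest(manifestUrl, body), manifestUrl, items };
}

// Constructed link builder; the 32-byte zero id stands in for a session key.
function buildLink(manifestUrl) {
  const req = { manifestUrl, items: [{ name: "ton_addr" }] };
  return "tc://?v=2&id=" + "00".repeat(32) + "&r=" + encodeURIComponent(JSON.stringify(req));
}
```

This check only closes the case where the manifest is hosted somewhere other than the domain it claims. It does not help when the attacker controls a lookalike domain, it says nothing about which page actually displayed the QR code, and it does not apply to the "other apps" channel, which is why the post treats the problem as unresolved rather than fixed.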
The MetaMask SDK has the same weakness: the `dappMetadata` passed to the SDK is displayed as-is, so editing it is enough to impersonate a well-known DApp for phishing and fraud:
<script src="./metamask-sdk.js"></script>
<script>
// Nothing ties these values to the page that is actually running this script.
const sdk = new MetaMaskSDK.MetaMaskSDK({
    dappMetadata: {
        name: "Fake and evil DApp",
        url: "https://metamask.io",
    },
    logging: {
        sdk: false,
    }
});
</script>
Similarly, with WalletConnectModalSign, editing the `metadata` object achieves the same result:
import { WalletConnectModalSign } from "https://unpkg.com/@walletconnect/modal-sign-html@2.5.8";
const connectButton = document.getElementById("connect-button");
// The metadata below is self-declared by the DApp and relayed to the wallet as-is.
const web3Modal = new WalletConnectModalSign({
    projectId: "32832b2f363c3e960ea28541f380b8d1",
    metadata: {
        name: "Fake and evil DApp",
        description: "Fake and evil DApp",
        url: "https://walletconnect.com/",
        icons: ["https://walletconnect.com/static/favicon.png"],
    },
});
Conclusion
Currently, there is no comprehensive solution to domain verification in cross-platform or cross-application communication between mainstream wallets and DApps. SDK developers have added supplementary verification methods, such as WalletConnect's Verify mechanism (https://docs.walletconnect.com/cloud/verify): once a DApp has verified its domain, a wallet can query the Verify API to check whether a request really comes from that domain.
However, many mainstream DApps do not use Verify, so this does not stop origin-forgery phishing on its own. If most DApps adopted Verify for domain authentication, the risk from forged origins would drop significantly. Until then, the SlowMist security team advises users to confirm that the domain of the website they are actually visiting matches the domain shown on the approval request before approving a connection or signature.
About SlowMist
At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.
We offer a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consulting, and other security-related services. We also offer AML (anti-money laundering) solutions, Vulpush (vulnerability monitoring), SlowMist Hacked (crypto hack archives), FireWall.x (smart contract firewall), Safe Staking, and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.
By delivering a comprehensive security solution customized to each project, we can identify risks and prevent them from materializing. Our team has found and published several high-risk blockchain security flaws. In doing so, we aim to spread awareness and raise the security standards of the blockchain ecosystem.