Report ID
#27099
Report type
Websites and Applications
Has PoC?
Yes
Target
https://basin.exchange
Impacts
- Persistent content spoofing / text injection issues
Description
Hello team,
Upon analysis of https://basin.exchange/, it has been identified that the basin.exchange domain has no valid DMARC (Domain-based Message Authentication, Reporting, and Conformance) record. DMARC is a critical email authentication protocol that helps prevent email spoofing and phishing: it lets receiving mail servers check that a message claiming to come from the domain is actually authorized by the domain owner, and tells them what to do with messages that fail that check.
Fix
To enhance the security posture of https://basin.exchange/, it is recommended to publish a DMARC record for the basin.exchange domain.
Impact
Without a DMARC record, receiving mail servers have no policy from basin.exchange telling them to reject or quarantine forged messages, which makes https://basin.exchange/ easier to impersonate in email-based attacks such as phishing and impersonation scams. This is particularly crucial for web3 platforms, where crypto transactions and exchanges of sensitive information are routine.
Proof of concept
PoC:
- Visit https://mxtoolbox.com/dmarc.aspx
- Enter the domain name: basin.exchange
- Click "DMARC Lookup"
You will see "No Record found".
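The lookup above checks the TXT record at `_dmarc.basin.exchange`. The following script, added here as an illustration and not part of the original report, reproduces that check in code: it classifies the TXT answers for a domain as "no record" (the finding), invalid, or a valid policy, and parses the record's tags. The `lookup_txt` helper assumes the third-party dnspython package is installed; the sample records in the comments are constructed.

```python
# Tags a usable DMARC record must carry (RFC 7489): version and policy.
VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt: str) -> dict:
    """Parse a DMARC TXT record such as "v=DMARC1; p=reject; rua=mailto:..."
    into a tag dict. Raises ValueError if it is not a valid DMARC record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing semicolon
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("missing or wrong version tag (expected v=DMARC1)")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("missing or invalid p= tag")
    return tags


def assess(txt_records: list) -> str:
    """Classify the TXT answers at _dmarc.<domain> the way the PoC lookup does.
    An empty list (or no v=DMARC1 entry) is the "no record" finding; more than
    one DMARC record is also unusable, since receivers then apply none of them."""
    dmarc = [r for r in txt_records if r.strip().lower().startswith("v=dmarc1")]
    if not dmarc:
        return "no record"
    if len(dmarc) > 1:
        return "invalid: multiple DMARC records"
    try:
        tags = parse_dmarc(dmarc[0])
    except ValueError as err:
        return f"invalid: {err}"
    pct = tags.get("pct", "100")  # pct defaults to 100 when absent
    reporting = "yes" if "rua" in tags else "no"
    return f"policy={tags['p']} pct={pct} reporting={reporting}"


def lookup_txt(name: str) -> list:
    """Fetch TXT records for a name, e.g. "_dmarc.basin.exchange".
    Assumption: dnspython is installed (it is not part of the standard library)."""
    import dns.resolver
    try:
        answer = dns.resolver.resolve(name, "TXT")
    except (dns.resolver.NXDOMAIN, dns.resolver.NoAnswer):
        return []  # same outcome the PoC reports: no record
    return [b"".join(r.strings).decode() for r in answer]
```

Running `assess(lookup_txt("_dmarc.basin.exchange"))` reproduces the finding when it returns "no record"; after the fix it should report a policy of quarantine or reject.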
Note
It's important to note that most web3 platforms recognize the significance of DMARC records for email security. Many established web3 applications have valid DMARC records in place to protect users from potential scams and phishing attempts. I have tested other web3 web apps and found that they do have valid security records. Yes, every platform has its own security aspect. I just want to mention this as a reference. Fixing this by adding a DMARC record also protects subdomains of basin.exchange. Hope you fix it.