
Report #30422

Report Date
April 26, 2024
Status
Closed
Payout

basin.exchange is vulnerable to clickjacking attack

Report Info

Report ID

#30422

Report type

Websites and Applications

Has PoC?

Yes

Target

https://basin.exchange

Impacts

  • Injecting code that results in malicious interactions with an already-connected wallet such as modifying transaction arguments or parameters, substituting contract addresses, submitting malicious transactions

Description

Hi team, while performing security testing of your website I have found the vulnerability called Clickjacking. The URLs are in scope and vulnerable to Clickjacking.

This vulnerability affects Web Server.

Vulnerability Details

Recently MetaMask had a critical Clickjacking vulnerability where the MetaMask wallet was not protected against click attacks; read more about it at https://medium.com/metamask/metamask-awards-bug-bounty-for-clickjacking-vulnerability-9f53618e3c3a

What is Clickjacking? Clickjacking (User Interface redress attack, UI redress attack, UI redressing) is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages. The server didn't return an X-Frame-Options header, which means that this website could be at risk of a clickjacking attack. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.

Impact Details

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are giving approval to connect their wallet, but instead are approving in an invisible frame controlled by the attacker.

References

metamask clickjacking issue - https://medium.com/metamask/metamask-awards-bug-bounty-for-clickjacking-vulnerability-9f53618e3c3a

Proof of concept

Vulnerable Urls: basin.exchange

Copy the code below, save it as an .html file, then open it.

<html lang="en-US">
  <head>
    <meta charset="UTF-8">
    <title>I Frame</title>
  </head>
  <body>
    <h3>clickjacking vulnerability</h3>
    <iframe src="https://basin.exchange" height="550px" width="700px"></iframe>
  </body>
</html>

You can see it appearing in the iframe.
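The report's whole claim rests on the response lacking an anti-framing header. The following triage helper, an added example that is not part of the report or of basin.exchange's code, takes a page's response headers and decides whether an unrelated origin could embed it in an <iframe>, applying the rules current browsers use: a Content-Security-Policy frame-ancestors directive overrides X-Frame-Options, and the obsolete ALLOW-FROM value gives no protection. The sample header sets at the bottom are constructed, not captured from the target.

```python
"""Triage helper for a 'no X-Frame-Options' claim (added example, not the
report's or the project's code). Decides from a page's response headers whether
an unrelated origin may embed it in an <iframe>, as current browsers do: a CSP
frame-ancestors directive overrides X-Frame-Options, and ALLOW-FROM is ignored."""
from typing import Dict, List, Optional

Headers = Dict[str, List[str]]  # lowercase names -> values (CSP may repeat)

def _frame_ancestors(csp_values: List[str]) -> Optional[List[str]]:
    """Return the frame-ancestors source list, or None if no CSP sets one."""
    for value in csp_values:
        for directive in value.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                return parts[1:]
    return None

def framing_policy(headers: Headers) -> str:
    """Classify as 'blocked', 'same-origin', 'restricted' or 'frameable'."""
    ancestors = _frame_ancestors(headers.get("content-security-policy", []))
    if ancestors is not None:  # CSP wins over X-Frame-Options when both exist
        srcs = {s.strip("'").lower() for s in ancestors}
        if srcs == {"none"}:
            return "blocked"
        if srcs == {"self"}:
            return "same-origin"
        if "*" in srcs or srcs & {"http:", "https:"}:
            return "frameable"  # any origin with that scheme matches
        return "restricted"  # explicit allow-list of framing origins
    for xfo in headers.get("x-frame-options", []):
        token = xfo.strip().upper()
        if token == "DENY":
            return "blocked"
        if token == "SAMEORIGIN":
            return "same-origin"
        # ALLOW-FROM and unrecognised tokens give no protection in modern browsers
    return "frameable"

def is_clickjackable(headers: Headers) -> bool:
    """True when an arbitrary third-party page may frame this one."""
    return framing_policy(headers) == "frameable"

# Constructed samples: the response the report describes, and a fixed one.
REPORTED = {"content-type": ["text/html"]}
FIXED = {"x-frame-options": ["DENY"],
         "content-security-policy": ["default-src 'self'; frame-ancestors 'none'"]}
```

The FIXED set is the remediation a triager would ask the project for: send both headers, since frame-ancestors is the standard control and X-Frame-Options only covers browsers without CSP support.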

Immunefi Response

Thank you for your submission to the Beanstalk bug bounty program. Unfortunately, after reviewing your report, Immunefi has decided to close it due to the assessed impact being out of scope.

Immunefi review:

  • The claimed impact by the whitehat is in scope of the bug bounty program but the assessed impact doesn't match the claimed impact for the following reasons.
    • The described issue falls under the category of Impacts related to missing HTTP Security Headers (such as X-FRAME-OPTIONS), as the whitehat hasn't provided sufficient information on how iframing the homepage can lead to malicious transactions without the victim connecting their wallet on the attacker-controlled website.
  • The assessed asset IS in scope for the bug bounty program
  • PoC hasn't been submitted to the project

Please note that the project will receive a report of the closed submission and may choose to re-open it, but they are not obligated to do so.