⚠️ Vulnerability Reports
Reported Vulnerabilities and Fixes
November 23, 2023 - URL Rewrite
Severity - Medium
This vulnerability was discovered by 0xTeam and reported via the GoGoPool Discord. No user funds were directly at risk. The vulnerability stemmed from unsanitized input in the Next.js SDK tunnel endpoint, part of the 'tunnel' feature in Sentry. It allowed attackers to send HTTP requests to arbitrary URLs and have the response reflected back to the user. The primary concern was the insufficient restriction on the 'o' query parameter, which could enable attackers to redirect requests and potentially execute malicious scripts.
The vulnerability had the potential to significantly impact users. Malicious actors could exploit it to load pages with scripts in the backend, enabling them to connect to users' Web3 wallets. This could result in unauthorized transactions, registration of fake tokens, or even the rewriting of false airdrop or giveaway pages to siphon user funds.
Mitigation
The problem was mitigated by updating the Sentry NextJS Plugin. To reduce further risk in the future, Sentry is being removed from our frontend site, effective immediately. We thank 0xTeam for their responsible disclosure, and an appropriate bounty will be paid.
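The kind of restriction the 'o' parameter lacked, shown as an added example for a tunnel-style route that forwards to a fixed upstream; this is not Sentry's or GoGoPool's code. The upstream host pattern, the `p` parameter and the names `buildUpstreamUrl` and `checkSamples` are assumptions made for illustration.

```javascript
// Added illustration, not Sentry's or GoGoPool's code.
// Assumptions: the upstream host pattern o<id>.ingest.sentry.io, the "p"
// (project id) parameter, and every name below are illustrative.
const UPSTREAM_SUFFIX = ".ingest.sentry.io";
const NUMERIC_ID = /^[0-9]{1,20}$/; // digits only, bounded length

function buildUpstreamUrl(query) {
  const { o: orgId, p: projectId } = query;
  // Repeated parameters arrive as arrays in many frameworks: accept strings only.
  if (typeof orgId !== "string" || !NUMERIC_ID.test(orgId)) {
    return { ok: false, reason: "invalid o" };
  }
  if (typeof projectId !== "string" || !NUMERIC_ID.test(projectId)) {
    return { ok: false, reason: "invalid p" };
  }
  const expectedHost = `o${orgId}${UPSTREAM_SUFFIX}`;
  const url = new URL(`https://${expectedHost}/api/${projectId}/envelope/`);
  // Defense in depth: confirm the parsed URL still points at the intended
  // upstream, so a future change to the template cannot silently widen it.
  if (url.protocol !== "https:" || url.hostname !== expectedHost ||
      url.port !== "" || url.username !== "" || url.password !== "") {
    return { ok: false, reason: "unexpected upstream" };
  }
  return { ok: true, url: url.toString() };
}

// Constructed sample inputs (not taken from the report).
const SAMPLES = [
  { o: "12345", p: "678" },            // well-formed ids
  { o: "example.invalid/", p: "678" }, // non-numeric org id
  { o: ["1", "2"], p: "678" },         // repeated parameter
  { o: "12345", p: "../x" },           // non-numeric project id
];

function checkSamples() {
  return SAMPLES.map((q) => buildUpstreamUrl(q));
}

for (const r of checkSamples()) {
  console.log(r.ok ? `forward -> ${r.url}` : `reject (${r.reason})`);
}
```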