Better mitigate address poisoning

[sxguan]

Discord Discussion Link

No response

What browsers are you seeing the problem on?

Chrome

What were you trying to do?

We have designed and conducted experiments to test whether Taho wallet is vulnerable to address poisoning attacks by simulating the attack against a victim address under our control.

What did not work?

The primary security guarantee that this issue breaks is users’ trust in the transactions displayed on Taho Wallet. Users rely on the transaction history in the "activity" tab to verify past transactions and confirm recipient addresses before sending funds. However, Taho Wallet shortens the addresses in the displayed transaction, which forces the user to rely on the prefix and suffix of an address to differentiate Ethereum addresses. By displaying phishing transactions sent from a “look-alike” address in the "activity" tab, the wallet exposes users to the following risks:

• Attackers can generate “look-alike” addresses easily to impersonate a legitimate address that the victims have a previous transaction.
• By sending different phishing transactions from the “look-alike” address (e.g., zero-value, dust-value, and fake-token), attackers can easily poison the victim’s transaction history in the "activity" tab.
• When victims decide to send funds to the same legitimate address, they can mistakenly copy the “look-alike” phishing address from the phishing transactions displayed in the “activity”, resulting in financial losses.

We observed that Taho Wallet displayed zero-ETH,dust-ETH and fake-ETH transfers sent by the ‘look-alike’ address S’, which poses a high risk to the victim and leads the victim to believe that S’ is S. The victim could copy S’ and transfer funds to it, resulting in significant financial loss.
Please find our complete report in the attachment
Taho Wallet Report.pdf

Version

v0.63.1

Relevant log output

[Shadowfiend]

Thank you for sharing this vuln!

Still processing the overall vector here; a few notes/questions, however:

• Generally, please file security concerns and reports via [email protected] . This inbox is monitored more consistently and is listed on Taho's security.txt (though I note not in the repo; we'll fix that).

• How common have you determined it to be that folks copy-paste addresses from previous transactions? I'm not familiar with the frequency of this particular usage pattern.

• fake-ETH

  Can you share specific reproduction steps for the fake-ETH scenario? Which contracts were used? Unknown token contracts should only show up in the activity list if the user explicitly marks them as trusted or adds them.

[sxguan]

Thank you for your response. I have sent the report to [email protected].

For your questions:

Fake ETH contract: 0x0466744Bebc57597774936FB1bc12140ecfC7445.
● R (0x71aF257EF2fA722694E1621B6f1D968c28Dd7A95): a legitimate address that will
receive funds.
● S (0x46F0196EdBb29Bd3715E7F556c8633efDe1D0Dd9): a legitimate address that will
send funds to the R.
● S’ (0x46F0042749ad2383471639b57833cd80bf1f0Dd9): a phishing address that looks
like S, which will be used to launch the address poisoning attacks against the R.
Simulated Transfers:
1 S R N/A 0.001 ETH Legitimate
2 S’ R NA 0 ETH Zero-ETH
3 S’ R NA 0.00001 ETH Dust-ETH
4 S’ R Fake ETH contract 0 ETH Fake-ETH
5 S’ R Fake ETH contract 0.001 ETH Fake-ETH

Please check the report in the attachment for screenshots and details

Taho Wallet Report.pdf

[mhluongo]

Appreciate the attention here! But I have to ask... if you think this is an active vulnerability, why in the world would you post it publicly?

[mhluongo]

is extremely dangerous to users

Both the issue title and the report are hyperbolic. Changing the issue title, as address poisoning will always be an issue on standard EVM tooling.

After reviewing further, I think we could improve the UX here a bit... but not that much.

We can flag address lookalikes as "spam" in the interface and disable the copy button... but they could be valid. We can hide transactions, but we always need users to be able to show these transactions.

Perhaps the best mitigation would be showing a warning if someone sends to a lookalike address, similar to what we do sending tokens to smart contracts.