DVCW | Damn Vulnerable Crypto Wallet | extremely insecure Ethereum cryptowallet written in JavaScript | Infosecwithme


Damn Vulnerable Crypto Wallet is an extremely insecure Ethereum cryptowallet written in JavaScript. It has three main modules:
  1. Desktop app: built with Electron and Vue
  2. Web API: built with NodeJS using Express, SQLite and Web3
  3. Local Ethereum blockchain: built using Truffle and Ganache-cli with deployed smart contracts written in Solidity

Setup

  1. Install Docker and Docker Compose
  2. Clone this repository
  3. In the root folder, run make install to deploy all backend services
  4. Wait for the "Started DVCW API on localhost:3000" message to appear on the console.
  5. Download the latest release of the desktop app and launch it.

Features

  • Wallet creation
  • Wallet recovery using mnemonic
  • Send Ethereum transactions to other addresses
  • Attach a message to any transaction
  • Two-factor authentication
  • Profile management
  • Interact with smart contracts: DVCToken & DVCTokenSale

List of Vulnerabilities

Vulnerabilities can be found in the Electron application, the web API or in the Ethereum smart contracts deployed to the local blockchain. These include:

  1. Insecure storage (weak ciphers and hashing algorithms, no integrity checking mechanisms)
  2. Stored XSS to RCE
  3. Outdated Electron version
  4. Two-factor authentication bypass
  5. Debug port open vulnerable to DNS rebinding
  6. Protocol handler vulnerability (CVE-2018-1000118)
  7. Log files in packaged app
  8. SQL injection
  9. Wallet takeover
  10. Server-side JavaScript injection
  11. Path traversal
  12. CORS misconfiguration
  13. No session management
  14. Smart contract vulnerabilities:
    • Arithmetic misuse (overflows and underflows)
    • Inadequate access controls
    • Reentrancy
    • Bad randomness

Download Link


https://gitlab.com/badbounty/dvcw