(www.aikido.dev)

1369 points universesquid | 2 comments | 08 Sep 25 15:37 UTC | HN request time: 0.56s | source

https://github.com/advisories/GHSA-8mgj-vmr8-frr6

1. zabil ◴[08 Sep 25 20:26 UTC] No.45173497[source]▶

Does anybody have tips on how to invalidate a wallet address response if it's intercepted and modified like this?

2. Mattwmaster58 ◴[08 Sep 25 20:32 UTC] No.45173582[source]▶

Off the top of my head, you could include your own checksum in the payload. Their code only modifies the address. Nothing would prevent them from reverse engineering checksum, too.

There are ways to detect a replaced/proxied global window function too, and that's another arms race.

↑

NPM debug and chalk packages compromised