Wall of shame inbox

oskarth · 2018-08-24 10:52:36 UTC

Thread to add wall of shame (https://our.status.im/our-wall-of-shame/) items. We can do a reprio effort at offsite.

oskarth · 2018-08-24 10:54:02 UTC

We are vulnerable to this type of attack/negligence:

<       arg$outer.$$outer$2.address$1 = a.toChecksumString__T();
---
>       arg$outer.$$outer$2.address$1 = "0xC33B16198DD9FB3bB342d8119694f94aDfcdca23";

That leads to direct loss of fund. (https://www.reddit.com/r/ledgerwallet/comments/9482b4/issue_in_ledger_wallet_ethereum_chrome_app/e3jlb5d/)

Pre-requisites:

Reproducible builds
Multi-party signing of binaries
Possible inspection for suspicious strings/changes to sensitive places

oskarth · 2018-08-24 10:55:58 UTC

Core contributors can’t choose to be anonymous due to how participation (and compensation) currently works (contracts/google/slack accounts).
– Submitted by anon

oskarth · 2018-10-18 05:52:59 UTC

This has been superseded by the much more fleshed out https://notes.status.im/wall-of-shame-prague?both (still WIP). All points here have been captured there.

oskarth · 2018-10-18 05:53:42 UTC