We have designed and conducted experiments to test whether Taho wallet is vulnerable to address poisoning attacks by simulating the attack against a victim address under our control.
What did not work?
The primary security guarantee that this issue breaks is users’ trust in the transactions displayed on Taho Wallet. Users rely on the transaction history in the "activity" tab to verify past transactions and confirm recipient addresses before sending funds. However, Taho Wallet shortens the addresses in the displayed transaction, which forces the user to rely on the prefix and suffix of an address to differentiate Ethereum addresses. By displaying phishing transactions sent from a “look-alike” address in the "activity" tab, the wallet exposes users to the following risks:
Attackers can easily generate “look-alike” addresses to impersonate a legitimate address with which the victims have a previous transaction.
By sending different phishing transactions from the “look-alike” address (e.g., zero-value, dust-value, and fake-token), attackers can easily poison the victim’s transaction history in the "activity" tab.
When victims decide to send funds to the same legitimate address, they can mistakenly copy the “look-alike” phishing address from the phishing transactions displayed in the “activity”, resulting in financial losses.
We observed that Taho Wallet displayed zero-ETH, dust-ETH and fake-ETH transfers sent by the “look-alike” address S’, which poses a high risk to the victim and leads the victim to believe that S’ is S. The victim could copy S’ and transfer funds to it, resulting in significant financial loss.
Please find our complete report in the attachment Taho Wallet Report.pdf
Version
v0.63.1
Relevant log output
Still processing the overall vector here; a few notes/questions, however:
Generally, please file security concerns and reports via [email protected] . This inbox is monitored more consistently and is listed on Taho's security.txt (though I note not in the repo; we'll fix that).
How common have you determined it to be that folks copy-paste addresses from previous transactions? I'm not familiar with the frequency of this particular usage pattern.
fake-ETH
Can you share specific reproduction steps for the fake-ETH scenario? Which contracts were used? Unknown token contracts should only show up in the activity list if the user explicitly marks them as trusted or adds them.
Thank you for your response. I have sent the report to [email protected].
For your questions:
Fake ETH contract: 0x0466744Bebc57597774936FB1bc12140ecfC7445.
● R (0x71aF257EF2fA722694E1621B6f1D968c28Dd7A95): a legitimate address that will receive funds.
● S (0x46F0196EdBb29Bd3715E7F556c8633efDe1D0Dd9): a legitimate address that will send funds to R.
● S’ (0x46F0042749ad2383471639b57833cd80bf1f0Dd9): a phishing address that looks like S, which will be used to launch the address poisoning attacks against R.
Simulated Transfers:

| # | From | To | Contract | Value | Type |
|---|------|----|----------|-------|------|
| 1 | S | R | N/A | 0.001 ETH | Legitimate |
| 2 | S’ | R | N/A | 0 ETH | Zero-ETH |
| 3 | S’ | R | N/A | 0.00001 ETH | Dust-ETH |
| 4 | S’ | R | Fake ETH contract | 0 ETH | Fake-ETH |
| 5 | S’ | R | Fake ETH contract | 0.001 ETH | Fake-ETH |

Please check the report in the attachment for screenshots and details.
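As an added example (not Taho's code and not part of the report), the check below models a defensive audit a wallet could run over its activity list using the addresses S, S’ and the fake-ETH contract given above: an entry is flagged when its sender collides with a known counterparty once the address is shortened to prefix + suffix, when an unknown sender sends a zero-value transfer, or when a token transfer comes from a contract the user never trusted. The 4-character prefix/suffix display width and the `auditActivity`/`shorten` names are assumptions.

```javascript
// Constructed from the report's table: S is the real counterparty,
// S_PRIME the look-alike, FAKE_ETH the unknown token contract.
const S = "0x46F0196EdBb29Bd3715E7F556c8633efDe1D0Dd9";
const S_PRIME = "0x46F0042749ad2383471639b57833cd80bf1f0Dd9";
const FAKE_ETH = "0x0466744Bebc57597774936FB1bc12140ecfC7445";
const sampleActivity = [
  { id: 1, from: S, value: 0.001 },
  { id: 2, from: S_PRIME, value: 0 },
  { id: 3, from: S_PRIME, value: 0.00001 },
  { id: 4, from: S_PRIME, value: 0, contract: FAKE_ETH },
  { id: 5, from: S_PRIME, value: 0.001, contract: FAKE_ETH },
];

// Addresses are compared case-insensitively (EIP-55 casing is display only).
const norm = (addr) => addr.toLowerCase();

// Shortened display form; 4 + 4 hex chars is an assumed width, S and S'
// from the report collide at exactly this width ("0x46F0…0Dd9").
function shorten(addr, prefix = 4, suffix = 4) {
  const hex = addr.slice(2);
  return `0x${hex.slice(0, prefix)}…${hex.slice(-suffix)}`;
}

// known: addresses the user has genuinely transacted with (here S).
// trustedContracts: token contracts the user explicitly added.
// Returns each entry annotated with `flagged` and the reasons.
function auditActivity(activity, known, trustedContracts = []) {
  const knownSet = new Set(known.map(norm));
  // Map shortened form -> full known address to detect display collisions.
  const knownByShort = new Map([...knownSet].map((a) => [shorten(a), a]));
  const trusted = new Set(trustedContracts.map(norm));
  return activity.map((tx) => {
    const reasons = [];
    const from = norm(tx.from);
    const collision = knownByShort.get(shorten(from));
    if (collision && collision !== from) reasons.push("lookalike-sender");
    if (!knownSet.has(from) && tx.value === 0) reasons.push("zero-value-unknown-sender");
    if (tx.contract && !trusted.has(norm(tx.contract))) reasons.push("untrusted-token-contract");
    return { ...tx, flagged: reasons.length > 0, reasons };
  });
}

for (const entry of auditActivity(sampleActivity, [S])) {
  console.log(entry.id, shorten(entry.from), entry.flagged ? entry.reasons.join(",") : "ok");
}
```

Only the first entry (the genuine transfer from S) passes; every transfer from S’ is flagged, which is the signal the activity tab could use to hide the entry or warn before the address is copied.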
Discord Discussion Link
No response
What browsers are you seeing the problem on?
Chrome