Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?

Duckdao Farming Audit Logs

Files And Lines Checked

Language Files lines
TypeScript 20 5287
Vuejs Component 28 3957
TOTAL Sum 48 9244

NPM Packages Checked

Dependencies

{
    "express": "4.17.1",
    "connect-history-api-fallback": "1.6.0",
    "ethers": "5.0.19",
    "vue": "2.6.11",
    "vue-class-component": "7.2.2",
    "vue-clipboard2": "^0.3.1",
    "vue-notification": "^1.3.20",
    "vue-property-decorator": "8.3.0",
    "vue-router": "3.1.5",
    "vuex": "3.1.2"
  }

DevDependencies

{
    "@babel/core": "7.8.4",
    "@babel/plugin-proposal-object-rest-spread": "7.8.3",
    "@vue/cli-plugin-babel": "4.1.1",
    "@vue/cli-plugin-typescript": "4.1.1",
    "@vue/cli-service": "4.1.1",
    "babel-core": "7.0.0-bridge.0",
    "compression-webpack-plugin": "6.0.0",
    "core-js": "3.6.5",
    "node-sass": "4.14.1",
    "sass-loader": "8.0.0",
    "stylelint": "13.3.3",
    "stylelint-config-standard": "19.0.0",
    "stylelint-scss": "3.13.0",
    "stylelint-webpack-plugin": "1.2.1",
    "tslint": "5.20.1",
    "tslint-consistent-codestyle": "1.16.0",
    "tslint-loader": "3.5.4",
    "typescript": "3.7.4",
    "vue-svg-loader": "0.15.0",
    "vue-template-compiler": "2.6.11",
    "vue-tslint": "0.3.2",
    "vue-tslint-loader": "3.5.6",
    "webpack": "4.41.5"
  }

Checked Packages: 33/33

Found Vulnerabilities: 1/33

Foundings:

  • init@>1.3.6: Peer-Dependency Pollution

Exploits and Vulnerabilities Checked

  • File inclusion and disclosure
  • Cross-site scripting injection (XSS)
  • XML and internal data escaping
  • Express static file exploitation and leakage
  • Common configuration issues
  • XML, JSON and general API security
  • Untrusted input injection
  • Cross-site request forgery (CSRF)
  • Clickjacking
  • Insecure data transfer
  • Session fixation
  • Session stealing
  • Truncation attacks, trimming attacks
  • Comparison issues
  • Prefetching and Spiders

Total checked: 15/15

Found Vulnerabilities: 0/15

Web3 Vulnerabilities

  • web3 Provider injection
  • metamask window object manipulation
  • contract bytecode invalidation

Total checked 2/3

Found Vulnerabilities: 0/2

Overall Security Score: 98%

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment