Approve allows a token holder to authorize another address to transfer a specified amount of tokens from their account. This action is typically used to permit transactions or contracts to spend tokens from the user's account.
If the wallet fails to correctly identify anomalies in the approve signature data initiated by the Dapp, it may pose a phishing risk.
Click the "Connect Wallet" button to connect your wallet. This test applies to the Polygon network. If the blank box below does not display "Polygon Mainnet (Chain ID: 137)" after connecting your wallet, click the "Switch to Polygon Mainnet" button to change the network.
Click the "approve(address,uint256) 128" button, then the other buttons such as "126" and "126+Blank". The number is the length of the argument data in hex characters after the 4-byte function selector: 128 is the normal length (two 32-byte words, the spender address and the amount), while "126" and "126+Blank" are abnormal lengths. If the wallet fails to correctly identify the signature type or detect the risk after the signature request is triggered, a vulnerability is present.
The wallet should correctly identify the approve signature type with different signature data lengths.
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
}]
});
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
}]
});
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF 112233445566"
}]
});
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00"
}]
});
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
}]
});
ethereum.request({
"method": "eth_sendTransaction",
"params": [{
"from": accounts[0],
"to": "0xc2132d05d31c914a87c6611c10748aeb04b58e8f",
"gasPrice": "0x09184e72a000",
"gas": "0xe4f3",
"data": "0x095ea7b30000000000000000000000009197ee309722a7658934796f0c4bfde85774dd2800000000000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF"
}]
});
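One way a wallet could apply the length check described above before showing an approve request to the user. This is an added example, not code from this test page or from any wallet; the function name checkApproveCalldata, the sample spender and the sample amount are hypothetical, and the sample payloads are constructed rather than copied from the requests above.

```javascript
// Added example: strict pre-signing check for approve(address,uint256) calldata.
const APPROVE_SELECTOR = "095ea7b3"; // selector used by the page's payloads
const ARGS_HEX_LEN = 128;            // two 32-byte ABI words = 128 hex characters

// Returns { ok: true, spender, amount } or { ok: false, reason }.
function checkApproveCalldata(data) {
  if (typeof data !== "string" || !data.startsWith("0x")) {
    return { ok: false, reason: "missing 0x prefix" };
  }
  const hex = data.slice(2);
  // Reject blanks and any other non-hex character instead of trimming them.
  if (!/^[0-9a-fA-F]*$/.test(hex)) {
    return { ok: false, reason: "non-hex character in data" };
  }
  if (hex.length % 2 !== 0) {
    return { ok: false, reason: "odd number of hex digits" };
  }
  if (hex.slice(0, 8).toLowerCase() !== APPROVE_SELECTOR) {
    return { ok: false, reason: "not an approve call" };
  }
  const args = hex.slice(8);
  if (args.length !== ARGS_HEX_LEN) {
    return { ok: false, reason: `argument length ${args.length}, expected ${ARGS_HEX_LEN}` };
  }
  // An address occupies the low 20 bytes; the upper 12 bytes must be zero.
  if (!/^0{24}$/.test(args.slice(0, 24))) {
    return { ok: false, reason: "non-zero padding in spender word" };
  }
  const spender = "0x" + args.slice(24, 64).toLowerCase();
  const amount = BigInt("0x" + args.slice(64));
  return { ok: true, spender, amount };
}

// Constructed samples (hypothetical spender and amount, built with padStart so
// the well-formed case is exactly 128 hex characters after the selector).
const spenderWord = "11".repeat(20).padStart(64, "0");
const amountWord = "ff".repeat(16).padStart(64, "0");
const wellFormed = "0x" + APPROVE_SELECTOR + spenderWord + amountWord;
const samples = {
  "128": wellFormed,
  "126": wellFormed.slice(0, -2),
  "127": wellFormed.slice(0, -1),
  "129": wellFormed + "f",
  "130": wellFormed + "00",
  "128+blank": wellFormed + " 112233445566",
};
for (const [name, data] of Object.entries(samples)) {
  console.log(name, checkApproveCalldata(data));
}
```

Only the exact 128-character case is decoded and shown as an approve; every other variant is rejected with a reason the wallet can surface as a warning.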