WARNING: This review is based on WalletConnect protocol version 1; however, at the time of the research, version 2 had inherited all the security issues of version 1.

TL;DR

DApps and crypto wallets that integrate the WalletConnect protocol for user authentication are vulnerable to large-scale phishing attacks. An attacker could submit malicious transactions directly into a user's crypto wallet on behalf of any dApp. This is due to several security flaws in the protocol design, which make over 170 wallets and 450 dApps susceptible to attack.

The blog post structure

The entire blog post is a bit long, because it includes a deep technical description of the high- and critical-severity vulnerabilities and a general overview of the WalletConnect protocol architecture. I have split the blog post into 3 main sections.

The first section presents a walkthrough with step-by-step instructions, a PoC script and a PoC video for each vulnerability, along with high-level observations about the vulnerable components.

The second section is an in-depth technical review of the WalletConnect protocol architecture. It is essential reading to fully understand the security issues and attack vectors of the current protocol implementation, and it also includes recommendations for remediating the attack vectors described.

In the third section, I discuss the frustration I experienced when explaining the risks to WalletConnect and when reporting them to other companies through Immunefi.

Introduction

When a user authenticates into a dApp with a crypto wallet, most applications offer several options, including WalletConnect. WalletConnect has its own ecosystem of dApps and crypto wallets that have integrated this protocol into their products, and this makes all of them vulnerable to the attacks described below. The demonstration uses the Uniswap website and the MetaMask crypto wallet, but it would work with any website and wallet that has integrated the WalletConnect protocol.

How a legitimate WalletConnect authentication flow works

When a user authenticates into a dApp through WalletConnect, the dApp displays a QR code to start the authentication process. The user scans the QR code with a camera or copies the link to the clipboard:

wc:abed3fc3-59c5-4291-bbd2-72957621027f@1?bridge=https%3A%2F%2F7.bridge.walletconnect.org&key=d81e632c4f3ad7168980dfec952ba6f32f01cd966504c9227e4704fd61e05f77


Once the user scans the QR code, the phone’s operating system offers to open the link in a crypto wallet; in our example we use MetaMask. When the user follows this link, MetaMask displays a consent page where the dApp asks for approval (Figure #1). The wallet management panel shows what the WalletConnect session metadata looks like once the user has authenticated (Figure #2). Once the user’s session is established, the dApp is authorized to send transactions to the user’s wallet for signing (Figure #3). This is how the WalletConnect flow works.
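As an added illustration (not code from the original post, WalletConnect or MetaMask), the following Python parses a URI with the shape shown above and applies the checks a wallet could run before opening a session: the topic must be a UUID, the version must be 1, the bridge must be an https URL (optionally on an allowlist) and the key must be 32 bytes of hex. The sample URI is constructed, and the `trusted_bridge_hosts` allowlist and the field names are assumptions.

```python
import re
import uuid
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit
# Constructed sample with the same shape as the URI shown above (hypothetical session, not a live one).
SAMPLE_URI = ("wc:abed3fc3-59c5-4291-bbd2-72957621027f@1"
              "?bridge=https%3A%2F%2F7.bridge.walletconnect.org"
              "&key=d81e632c4f3ad7168980dfec952ba6f32f01cd966504c9227e4704fd61e05f77")
_HEX64 = re.compile(r"^[0-9a-fA-F]{64}$")

@dataclass
class WCv1Uri:
    topic: str    # handshake topic the wallet subscribes to on the bridge (a UUID)
    version: int  # protocol version; this URI shape is version 1
    bridge: str   # relay the wallet will connect to; chosen by whoever produced the QR code
    key: bytes    # 32-byte symmetric key that encrypts the session payloads

def parse_wc_uri(uri: str, trusted_bridge_hosts=None) -> WCv1Uri:
    """Parse a wc: URI, rejecting anything outside the v1 format; trusted_bridge_hosts is a
    hypothetical allowlist a wallet could use to refuse relays it does not recognise."""
    if not uri.startswith("wc:"):
        raise ValueError("not a wc: URI")
    head, sep, query = uri[3:].partition("?")
    topic, at, version = head.partition("@")
    if not sep or not at or not version.isdigit():
        raise ValueError("expected wc:<topic>@<version>?<params>")
    uuid.UUID(topic)  # raises ValueError when the topic is not a UUID
    if int(version) != 1:
        raise ValueError(f"unsupported protocol version {version}")
    params = parse_qs(query, strict_parsing=True)  # also percent-decodes the values
    if set(params) != {"bridge", "key"} or any(len(v) != 1 for v in params.values()):
        raise ValueError("expected exactly one bridge and one key parameter")
    bridge, key_hex = params["bridge"][0], params["key"][0]
    parts = urlsplit(bridge)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("bridge must be an https URL")
    if trusted_bridge_hosts is not None and not any(
            parts.hostname == t or parts.hostname.endswith("." + t) for t in trusted_bridge_hosts):
        raise ValueError(f"bridge host {parts.hostname} is not in the allowlist")
    if not _HEX64.match(key_hex):
        raise ValueError("key must be 32 bytes of hex")
    return WCv1Uri(topic, 1, bridge, bytes.fromhex(key_hex))

def is_valid_wc_uri(uri: str, trusted_bridge_hosts=None) -> bool:
    # True when parse_wc_uri accepts the URI, False when it raises ValueError.
    try:
        parse_wc_uri(uri, trusted_bridge_hosts)
        return True
    except ValueError:
        return False
```

Note that the bridge URL and the session key both travel inside the QR code, so a wallet that opens whatever `wc:` link it is handed has no way to tell a relay chosen by the dApp from one chosen by a third party unless it validates the bridge itself.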