Oron Wallet is a decentralized Web3 cryptocurrency wallet providing secure, user-friendly management of diverse digital assets with interoperability across multiple blockchains.
Learn How QuillAudits Enhanced Oron Wallet Security by Fixing IDOR & Data Exposure Issues
QuillAudits conducted an extensive security audit of Oron Wallet, uncovering and rectifying 10 critical vulnerabilities to bolster the wallet's security & reliability.
Before QuillAudits
- Security gaps including Insecure Direct Object References (IDOR), missing rate limiting, and sensitive data exposure were present.
- High-risk vulnerabilities allowed unauthorized access to user accounts and sensitive information.
- No rate limiting was implemented on functions like processRequest(), leading to potential DoS attacks.
- Lack of SSL Pinning exposed the application to Man-in-the-Middle (MitM) attacks.
- Internal identifiers like userId were exposed in URL parameters without access control checks.
- Parameters like wallet_address were not properly validated, allowing unauthorized access to recovery phrases.
- Sensitive data like passwords were exposed in memory dumps.
After QuillAudits
- Implemented robust access control mechanisms, rate limiting, and encrypted storage solutions to enhance data security and user protection.
- Applied rigorous controls to prevent unauthorized access and protect sensitive user data, including SSL Pinning to secure communications.
- Introduced rate limiting to processRequest() and submitTransaction() to prevent DoS attacks.
- Implemented SSL Pinning in establishSecureConnection() to prevent MitM attacks.
- Implemented access control checks to ensure identifiers such as userId are only accessed by authorized users.
- Implemented stringent access control to validate that requests involving wallet_address are authorized.
- Implemented secure data handling practices to prevent exposure in memory dumps.
See how QuillAudits is a trusted partner in 1000+ Audit stories
Oron Wallet offers a decentralized Web3 platform for managing various cryptocurrencies, providing features like sending, receiving, buying, selling, and staking digital assets. The wallet is designed with interoperability across multiple blockchains, ensuring a seamless user experience. However, the security of such a platform is paramount to protect users from potential threats and vulnerabilities.
Oron Wallet is Revolutionizing Crypto Management
The Oron Crypto Wallet provides a robust set of features designed to enhance your crypto experience and ensure your assets are secure. Your crypto is safeguarded by top-tier security protocols, including penetration testing, multi-layer encryption, and adherence to the highest regulatory standards. Easily manage your crypto assets on the go with our intuitive mobile app and web interface. Oron Crypto Wallet supports numerous popular cryptocurrencies, allowing you to manage your entire digital portfolio in one place. Effortlessly interact with various DeFi platforms and dApps, unlocking endless possibilities within the decentralized finance ecosystem.
Addressing Oron Wallet’s Security Vulnerabilities
Oron Wallet faced significant security challenges, including Insecure Direct Object References (IDOR), sensitive data exposure, and missing rate limiting. These vulnerabilities posed risks such as unauthorized access to user accounts, potential Denial-of-Service (DoS) attacks, and data breaches. Our audit aimed to identify these weaknesses and implement effective remediation strategies to enhance the wallet's security posture.
Oron Wallet’s Journey Through Our Audit Process
1. Information Gathering
- OSINT: Utilizing tools like DNSenum and Shodan to gather information about the Oron’s infrastructure, dependencies, and potential vulnerabilities.
- Manual Analysis: Reviewing the codebase of the Oron for potential logic flaws, and other security issues.
- Documentation Review: Analyzing Oron’s documentation for security best practices, known vulnerabilities, and potential attack vectors.
2. Vulnerability Assessment
- Automated Scanning: Employing tools like Acunetix and Burp Suite to identify common web vulnerabilities such as cross-site scripting (XSS), SQL injection, and authentication bypasses.
- Manual Testing: Conducting manual penetration testing techniques to exploit identified vulnerabilities and assess their impact.
3. Exploitation and Impact Analysis
- Proof-of-Concept (PoC) Development: Developing PoC exploits to demonstrate the feasibility of exploiting identified vulnerabilities.
- Impact Assessment: Evaluating the potential impact of successful exploitation on user funds, data privacy, and overall system integrity.
4. Reporting and Remediation:
- Detailed Report: Providing a comprehensive report outlining identified vulnerabilities, their severity, potential impact, and recommended remediation steps.
- Collaboration with Oron Developers: Working closely with the oron developers to implement security fixes and mitigate identified risks.
QuillAudits' Strategic Approach to Oron Wallet’s Security Audits
Our approach to auditing Oron Wallet involved a combination of threat modeling, a security-first mindset, and extensive testing. We used both white-box and black-box testing methods to ensure a thorough assessment, maintaining transparency and clear communication with the Oron Wallet team throughout the process.
Comprehensive Audit Discoveries and Remediation Strategies
The Oron Web3 Wallet Android app security audit identified several vulnerabilities that attackers could exploit to compromise user accounts, steal sensitive information, and disrupt application functionality:
Our thorough and extensive audit uncovered 4 High Severity vulnerabilities, 5 Medium - severity issues, and 4 Low findings.
Here is a breakdown of the critical vulnerabilities in audit discoveries and remediation strategies:
Audit Discoveries
- Insecure Direct Object References (IDOR):
- Discovery: The application was found to be susceptible to IDOR vulnerabilities. This occurs when an internal identifier, such as a mobile number or email address, is directly exposed in a URL or form parameter. An attacker could manipulate this identifier to gain unauthorized access to another user's account information unless proper access control mechanisms are implemented.
- Impact: Attackers could manipulate these identifiers to gain unauthorized access to other users' account information, leading to potential theft of funds or personal data.
- Discovery: The application was found to be susceptible to IDOR vulnerabilities. This occurs when an internal identifier, such as a mobile number or email address, is directly exposed in a URL or form parameter. An attacker could manipulate this identifier to gain unauthorized access to another user's account information unless proper access control mechanisms are implemented.
- IDOR Leading to Secret Key Leakage:
- Discovery: A critical IDOR vulnerability that allowed attackers to access a user’s recovery phrase codes, essentially the private keys to their wallet, was identified. This vulnerability arose from the application's failure to enforce proper access control on requests involving parameters like
wallet_address. By manipulating these parameters, attackers could gain unauthorized access to a victim's wallet and steal their cryptocurrency.
- Impact: This could result in unauthorized access to user wallets and the theft of cryptocurrency, as recovery phrases are essentially private keys.
- Discovery: A critical IDOR vulnerability that allowed attackers to access a user’s recovery phrase codes, essentially the private keys to their wallet, was identified. This vulnerability arose from the application's failure to enforce proper access control on requests involving parameters like
- Missing Rate Limiting:
- Discovery: The application lacked any form of rate limiting mechanism. Rate limiting is a security technique restricting the number of requests a user or device can send within a specific timeframe. Without this protection, an attacker could bombard the application with malicious requests, potentially leading to a Denial-of-Service (DoS) attack that disrupts legitimate user access.
- Impact: Attackers could perform a Denial-of-Service (DoS) attack by overwhelming the application with requests, disrupting access for legitimate users.
- Discovery: The application lacked any form of rate limiting mechanism. Rate limiting is a security technique restricting the number of requests a user or device can send within a specific timeframe. Without this protection, an attacker could bombard the application with malicious requests, potentially leading to a Denial-of-Service (DoS) attack that disrupts legitimate user access.
- Sensitive Data Exposure in Memory Dumps:
- Discovery: A critical vulnerability was discovered that exposed sensitive user information, such as passwords or backup codes, in the application's memory dump. Memory dumps can occur for various reasons, including debugging tools, logging mechanisms, or vulnerabilities within the application's memory management. This exposure poses a significant risk, as attackers could potentially exploit this vulnerability to steal user credentials and compromise their accounts.
- Impact: Attackers with access to these memory dumps could steal user credentials or backup codes, leading to account compromise.
- Discovery: A critical vulnerability was discovered that exposed sensitive user information, such as passwords or backup codes, in the application's memory dump. Memory dumps can occur for various reasons, including debugging tools, logging mechanisms, or vulnerabilities within the application's memory management. This exposure poses a significant risk, as attackers could potentially exploit this vulnerability to steal user credentials and compromise their accounts.
- Improper Storage of Sensitive Data:
- Discovery: The audit revealed that the application stored sensitive information, such as authentication tokens or private keys, within the Android Shared Preferences system. Shared Preferences offer a simple key-value storage mechanism but are not inherently secure for storing sensitive data. Without proper encryption or additional security measures, this data becomes vulnerable to unauthorized access, particularly on rooted devices.
- Impact: On rooted devices, this data could be accessed by unauthorized users, posing a significant security risk.
- Discovery: The audit revealed that the application stored sensitive information, such as authentication tokens or private keys, within the Android Shared Preferences system. Shared Preferences offer a simple key-value storage mechanism but are not inherently secure for storing sensitive data. Without proper encryption or additional security measures, this data becomes vulnerable to unauthorized access, particularly on rooted devices.
- Lack of SSL Pinning:
- Discovery: The application did not implement SSL Pinning, a security technique that helps prevent Man-in-the-Middle (MitM) attacks. SSL Pinning allows the application to verify the server's certificate against a set of pre-defined trusted certificates. Without this protection, attackers could potentially intercept and manipulate the communication between the application and the server, potentially leading to data breaches or other security compromises.
- Impact: This made the app vulnerable to Man-in-the-Middle (MitM) attacks, where attackers could intercept and manipulate the communication between the application and the server.
- Discovery: The application did not implement SSL Pinning, a security technique that helps prevent Man-in-the-Middle (MitM) attacks. SSL Pinning allows the application to verify the server's certificate against a set of pre-defined trusted certificates. Without this protection, attackers could potentially intercept and manipulate the communication between the application and the server, potentially leading to data breaches or other security compromises.
Remediation Strategies
- Insecure Direct Object References (IDOR): Implemented proper access control mechanisms to validate user authorization before granting access to resources. Replaced direct exposure of internal identifiers with securely generated tokens.
- IDOR Leading to Secret Key Leakage: Enhanced access controls to protect sensitive parameters like
wallet_address. Implemented stringent verification processes to ensure that recovery phrases are only accessible to authorized users.
- Missing Rate Limiting: Introduced rate limiting by setting thresholds on the number of requests a user or device can send within a specific timeframe. This helps mitigate the risk of DoS attacks by throttling excessive requests.
- Sensitive Data Exposure in Memory Dumps: Implemented encryption for sensitive data stored in memory and ensured it is securely erased after use. Enhanced debugging and logging practices to prevent the inclusion of sensitive information in memory dumps.
- Improper Storage of Sensitive Data: Migrated sensitive data storage from Android Shared Preferences to a more secure storage mechanism, utilizing encryption to protect authentication tokens and private keys. Applied additional security measures to safeguard data on both rooted and non-rooted devices.
- Lack of SSL Pinning: Integrated SSL Pinning to ensure that the application only trusts specific, pre-defined server certificates. Implemented SSL Pinning in
establishSecureConnection().This prevents MitM attacks by verifying the server's identity before establishing a secure connection.
Impressed by our findings and recommendations, the Oron Wallet developers promptly addressed all identified vulnerabilities. Through our collaborative efforts, the Oron Platform is now significantly more secure, ensuring the protection of user funds.
The Oron Web3 Android Wallet security audit identified and addressed High Medium and Low severity vulnerabilities and other Best Practices, protecting user funds and ensuring platform stability. This case study demonstrates the importance of proactive security measures for Web3-based Wallets, especially aimed at identifying vulnerabilities in the wallet app and its DApp interactions, ensuring a secure user experience. By conducting audits and addressing identified issues, the Oron Wallet Team has taken a significant step towards securing its platform and safeguarding user trust.