DeRisk
Chrome extension that helps to alert user of suspicious website before signing transaction
Project Description
There has been many prominent web2 cyber attacks on popular protocols such as curve finance and cream finance which resulted in over 1B dollar. Common attacks are through DNS poisoning and phishing attacks which leads you to a fraudulent webpage to approve malicious contracts
A chrome extension that will popup before approving metamask's transaction that informs users of the various factor
- DNS of the website
- IP Address of the website
- Smart contract address of the transaction
- Potential vulnerabilities of the smart contract
The extension will compare these information against the information stored in our smart contract to determine the validity of the information.
How it's Made
Some of the technologies that we utilized are ReactJs for the frontend, solidity for writing of the smart contracts, Flask and NodeJs for our backend.
Upon initiating the transaction signing process where the metamask pops up, our chrome extension will open and retrieve the domain url of the website requesting the signature. It will then send to our NodeJs server which we will theoretically check against the smart contract's data to see whether the IP and DNS address matches the particular domain url. If the user wants to verify the vulnerabilities and legibility of the smart contract that they are signing, they will input the smart contract address which we will then send it to our NodeJs backend and check against the smart contract and also Python backend where it will run Slither, the Solidity source analyzer to see whether is it contains vulnerabilities.
