Boost _ Firedancer v0.1 33862 - [Blockchain_DLT - Insight] Discord Server Vulnerable to Takeover in
Submitted on Wed Jul 31 2024 12:35:24 GMT-0400 (Atlantic Standard Time) by @swiss45 for
Report ID: #33862
Report type: Blockchain/DLT
Report severity: Insight
Target: https://github.com/firedancer-io/firedancer/tree/e60d9a6206efaceac65a5a2c3a9e387a79d1d096
Impacts:
Informative - Discord server link takeover
The official Discord link in the Firedancer repository is invalid and vulnerable to takeover. An attacker can create a custom Discord invite link for a different server and hijack the communication channel intended for Firedancer users. This issue does not directly impact the core functionality of the Firedancer program but poses a security risk by potentially misleading users to join a malicious Discord server.
The vulnerability allows attackers to take over the Discord server through a custom invite link, which leads to redirection to a malicious Discord server. Users might be misled to join a malicious Discord server. This poses a security risk and may lead to unauthorized access or malicious activities.
To resolve this issue, it is recommended to update and validate the Discord server link.
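One way to run the recommended validation as a repository check, added here as an example and not part of the original report or the Firedancer code base. The `resolve` callback, the guild IDs, the sample README text and the two invite codes other than the reported one are constructed assumptions; in practice `resolve` would ask Discord which server an invite currently points to.

```python
import re

# discord.gg/<code>, discord.com/invite/<code>, discordapp.com/invite/<code>
INVITE_RE = re.compile(
    r"https?://(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)",
    re.IGNORECASE,
)

def find_invites(text):
    """Return (line_number, invite_code) for every Discord invite URL in text."""
    return [
        (n, m.group(1))
        for n, line in enumerate(text.splitlines(), 1)
        for m in INVITE_RE.finditer(line)
    ]

def audit_invites(text, expected_guild_id, resolve):
    """Classify each invite found in text.

    resolve(code) is a hypothetical callback returning the ID of the server
    the invite currently points to, or None when the invite is invalid.
    """
    findings = []
    for n, code in find_invites(text):
        guild_id = resolve(code)
        if guild_id is None:
            status = "invalid"   # the state the report describes as open to takeover
        elif guild_id != expected_guild_id:
            status = "foreign"   # resolves, but to a server the project does not own
        else:
            status = "ok"
        findings.append((n, code, status))
    return findings

# Constructed sample: a README excerpt and a lookup table standing in for a
# live invite lookup. Guild IDs and the last two invite codes are made up.
SAMPLE_README = "\n".join([
    "# Example project",
    "Chat: https://discord.com/invite/7kr7VmPH",
    "Mirror: https://discord.gg/goodCode1",
    "Old docs: https://discordapp.com/invite/expired99",
])
OFFICIAL_GUILD = "111"
LOOKUP = {"7kr7VmPH": "222", "goodCode1": "111"}

if __name__ == "__main__":
    for line_no, code, status in audit_invites(SAMPLE_README, OFFICIAL_GUILD, LOOKUP.get):
        print(f"line {line_no}: {code} -> {status}")
```

Run against every documentation file on a schedule as well as on each change, since an invite that was valid at commit time can become invalid later.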
Steps to Reproduce:
Identify the Discord invite link: https://discord.com/invite/7kr7VmPH
Open the link; you will see the takeover PoC (swiss server).
Informative Note:
Navigate to the Firedancer repository:
In the GitHub search bar, search for discord