# Boost \_ Firedancer v0.1 33862 - \[Blockchain\_DLT - Insight] Discord Server Vulnerable to Takeover in

Submitted on Wed Jul 31 2024 12:35:24 GMT-0400 (Atlantic Standard Time) by @swiss45 for [Boost | Firedancer v0.1](https://immunefi.com/bounty/firedancer-boost/)

Report ID: #33862

Report type: Blockchain/DLT

Report severity: Insight

Target: <https://github.com/firedancer-io/firedancer/tree/e60d9a6206efaceac65a5a2c3a9e387a79d1d096>

Impacts:

* Informative - Discord server link takeover

## Description

## Vulnerability Details

The official Discord link in the Firedancer repository is invalid and vulnerable to takeover. An attacker can create a custom Discord invite link for a different server and hijack the communication channel intended for Firedancer users. This issue does not directly impact the core functionality of the Firedancer program but poses a security risk by potentially misleading users to join a malicious Discord server.

## Impact:

The vulnerability allows an attacker's takeover of the Discord server through a custom invite link, which leads to redirection to a malicious Discord server. Users might be misled into joining a malicious Discord server. This poses a security risk and may lead to unauthorized access or malicious activities.

## Fix:

To resolve this issue, it is recommended to update and validate the Discord server link.
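One way to automate the validation step is a repository check that extracts every Discord invite link and confirms it still resolves to the server the project owns. This is an added example, not code from the report or from the Firedancer project; the function names are hypothetical, the expected guild ID is a constructed placeholder, and the lookup assumes Discord's public `GET /invites/{code}` endpoint and the `guild.id` and `expires_at` fields of its invite object.

```python
import json
import re
import urllib.error
import urllib.request

# Matches discord.gg/<code> and discord.com/invite/<code> (also discordapp.com).
INVITE_RE = re.compile(
    r"https?://(?:www\.)?(?:discord\.gg|discord(?:app)?\.com/invite)/([A-Za-z0-9-]+)"
)

def find_invites(text):
    """Return the unique invite codes referenced in text, in order of appearance."""
    return list(dict.fromkeys(INVITE_RE.findall(text)))

def fetch_invite(code, timeout=10):
    """Look up an invite via GET /invites/{code}.
    Returns the parsed JSON, or None when the invite does not exist (HTTP 404)."""
    req = urllib.request.Request(
        f"https://discord.com/api/v10/invites/{code}",
        headers={"User-Agent": "invite-link-check (example)"},
    )
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:
            return None
        raise

def classify(invite, expected_guild_id):
    """Classify a lookup result against the guild the project actually owns."""
    if invite is None:
        return "dead"         # expired or unknown: remove or replace the link
    guild = invite.get("guild") or {}
    if guild.get("id") != expected_guild_id:
        return "wrong-guild"  # resolves, but to a server the project does not control
    if invite.get("expires_at") is not None:
        return "expiring"     # valid today, will go stale later
    return "ok"

def audit(text, expected_guild_id, lookup=fetch_invite):
    """Map each invite code found in text to its classification."""
    return {c: classify(lookup(c), expected_guild_id) for c in find_invites(text)}

if __name__ == "__main__":
    readme = "Chat: https://discord.com/invite/7kr7VmPH"  # constructed sample text
    fake = {"7kr7VmPH": {"guild": {"id": "999"}, "expires_at": None}}  # constructed
    print(audit(readme, "111111111111111111", lookup=fake.get))
```

Run in CI over the repository's documentation files, any result other than `ok` should fail the build so that a stale or reassigned invite is caught before users follow it.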

## Proof of concept

**Steps to Reproduce:**

1. Navigate to the Firedancer repository: [Firedancer Repository](https://github.com/firedancer-io/firedancer/tree/e60d9a6206efaceac65a5a2c3a9e387a79d1d096)
2. In the GitHub search bar, search for `discord`: [Search Results](https://github.com/search?q=repo%3Afiredancer-io%2Ffiredancer%20discord\&type=code)
3. Identify the Discord invite link: `https://discord.com/invite/7kr7VmPH`
4. Open the link; you will see the takeover PoC (swiss server).

**Informative Note:**

I am reporting this as an informative issue as it is not within the scope of impact. I reported this based on the security issue of the Discord server link being vulnerable to takeover.

The status and severity of this issue are at your discretion. If you find this report unacceptable, please feel free to close it. I apologize if I have done anything wrong in reporting this issue. I will not make any further reports like this. If the report is closed, I will take down the PoC for the Discord server takeover.

