Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add revoke permissions #26
Add revoke permissions #26
Changes from 10 commits
00c2f75
3cb664b
d657390
4e6f8cd
ebba7e6
3177342
7f46872
cd59dc4
7185b1c
973383f
42e98f6
db822ab
52b2c63
25c291c
9a2aade
6f6dd26
5481ebe
da0ee61
6a41832
f2ee60b
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems more like an inconvenience than an actual threat. If an attacker could run arbitrary code on the page for a Dapp, it seems more likely that they would make requests as is or even request more permissions rather than revoke them. I suppose it would be possible that permissions are revoked on the real Dapp in an effort to confuse the user and get them to approve them on a phishing Dapp? Or perhaps constantly revoking permissions that the real Dapp requests and then attempting to slip in a malicious request for permissions among the many reapproval prompts that may prompt the user? Idk
This is already labeled as a minor risk though
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Something we should consider in the future is keeping track of the last time a permission was used by a Dapp and periodically suggesting a list of stale permissions to the user that can be revoked (or even just automatically revoking).