Description
The 购买 (Buy) button has a tooltip/aria-label that reads "Set VITE_MOONPAY_API_KEY to enable MoonPay", exposing an internal environment variable name to end users.
Steps to Reproduce
- Open the wallet dashboard
- Hover over or inspect the 购买 (Buy) button
Expected Behavior
User-friendly message shown, e.g. "购买功能暂不可用".
Actual Behavior
Tooltip reads: "Set VITE_MOONPAY_API_KEY to enable MoonPay"
Severity
Critical — information disclosure / developer config leak
Description
The 购买 (Buy) button has a tooltip/aria-label that reads "Set VITE_MOONPAY_API_KEY to enable MoonPay", exposing an internal environment variable name to end users.
Steps to Reproduce
Expected Behavior
User-friendly message shown, e.g. "购买功能暂不可用".
Actual Behavior
Tooltip reads: "Set VITE_MOONPAY_API_KEY to enable MoonPay"
Severity
Critical — information disclosure / developer config leak