
Spoofing risk via insecure contains/RegEx checks

An additional risk comes from the limited set of assertions supported by the HTTP provider. It currently supports only two checks: whether a given string is contained in the response, and whether the response matches a RegEx. Neither is sufficient to parse HTML data. An attacker may exploit this if they are able to partially control some data displayed on the page that Reclaim fetches. For example, a Reclaim data provider for the user's username may be manipulated if the user is able to set their bio, which is also displayed on the same page.

The Reclaim HTTP provider should be updated to support more complex assertions, such as JSON parsing or CSS/XPath selectors.
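The following added example (not code from Reclaim or from the assessment) runs a contains check, a RegEx check, and an element-scoped check over the same page to show why the first two cannot tell the bio from the username field. The page markup, the `username` id, the `Username: ` label, and all function names are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample: profile page of "mallory"; the bio is user-controlled text.
PAGE = """<html><body><div class="profile">
  <p class="bio">Fan account. Username: alice</p>
  <span id="username">Username: mallory</span>
</div></body></html>"""

VOID = {"br", "img", "hr", "input", "meta", "link"}  # tags with no end tag

def contains_check(body, claimed):
    # Weak: true if the claimed string appears anywhere in the response.
    return f"Username: {claimed}" in body

def regex_check(body):
    # Weak: the first match wins, wherever it sits in the document.
    m = re.search(r"Username: (\w+)", body)
    return m.group(1) if m else None

class ElementText(HTMLParser):
    """Collects the text of every element carrying a given id."""
    def __init__(self, element_id):
        super().__init__()
        self.element_id, self.depth, self.matches = element_id, 0, []
    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        if self.depth:
            self.depth += 1  # nested element inside the target
        elif dict(attrs).get("id") == self.element_id:
            self.depth = 1
            self.matches.append("")
    def handle_endtag(self, tag):
        if self.depth and tag not in VOID:
            self.depth -= 1
    def handle_data(self, data):
        if self.depth:
            self.matches[-1] += data

def selector_check(body, element_id="username"):
    # Stricter: read only the intended element; a missing or duplicated id fails.
    parser = ElementText(element_id)
    parser.feed(body)
    parser.close()
    text = parser.matches[0].strip() if len(parser.matches) == 1 else ""
    m = re.fullmatch(r"Username: (\w+)", text)
    return m.group(1) if m else None
```

On this page, `contains_check(PAGE, "alice")` is true and `regex_check(PAGE)` returns `alice`, while `selector_check(PAGE)` returns `mallory`.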

Zellic © 2025