ZENGO
zengo
ZenGo uncovers dApp vulnerability
ZenGo has discovered a security vulnerability called the "red pill attack" in decentralized applications or dApps. The vulnerability allowed malicious dApps to steal user assets using opaque transaction approvals. Many leading vendors, including Coinbase Wallet, were vulnerable to such attacks. ZenGo found that developers took a shortcut in setting "Special Variables" to arbitrary values during simulation, leaving the simulation vulnerable to attack. ZenGo said the fix was straightforward and urged developers to populate vulnerable variables with meaningful values.