Now. I know that won’t solve everything. Watch a minute from that video from the start time I have set. You won’t regret it
String function or even
fetch. Which could result in taking user keys. Or it can be replacing canister call parameters during fetch.
Without taking precautions and ‘hardening’ our dapps. I suppose for that to really blow in our faces, a hacker would have to specifically target a dapp. The dapp needs to be worthwhile their time and have a big honeypot. Then they would go through significant trouble to… for example, inject malicious code in a js package, required by another js package of a very popular Chrome extension or the dapp itself.
Is there another way to set up your dapp, which will shield contracts and require a hardware signature each time user makes a certain update call?
I can’t find anything related in this forum. It seems that this kind of thing will affect all dapps