What prevents a dApp from draining a user's ICP?

On the Hackathon DeFi workshop, Eero demonstrates how to deposit ICP into a canister.

There never seems to be any prompt for the user to accept depositing either ICP or DIP20 into the DEX. The frontend code also does not hint at there being any user prompts.

Can a dApp drain all ICP as soon as a user authenticates with II? Should I be very careful about which dApp I sign in to using II?

Be careful which wallet you use. Plug will ask for a confirmation before each transaction and will not let you call the ledger canister directly. Stoic(last I checked) let you call any dapp, including the ledger, with any call once connected and authorized. I would not consider stoic wallet a safe alternative to use at any site that you do not 100% trust. If you are using it for Entrepot you’re likely ok as long as their web server does not get hacked or there is not a bad actor inside the company, but it would be great if future versions prompted for any update calls to make it more secure.

As far as Internet Identity goes, you are somewhat protected by the fact that each dapp gets its own principal for you and thus if you want to transfer funds from that account you have to first transfer funds to that account. This is an annoying step but keeps your funds from being accessed by a rouge dapp.

Ultimately we need a service that will alert the user if they are using a non-certified/non-open-sourced dapp. Covercode.ooo is doing this for the wasm side, but I don’t know if they plan to do the same for the dapp code. It is difficult because dapps can include CSS,js, etc that is external to the certified file, and all of that has to be verified as well.

Origyn will likely have a feature where dapps on the network have to be completely contained HTML with no external dependencies that can be submitted for review by the community and the hash’s approved via community governance.

7 Likes

That explains why the plug wallet exists, thanks! Yes, that’s a little inconvenient when using Internet Identity.

Wow, that seems like an awful security vulnerability for stoic wallet. they should fix that before a black swan lol

remember, the icp community is the same smart crowd that sent 10k icp to proposal dao, the obvious scam. So maybe stoic wallet will have hack events in the future lol

That’s not entirely true, there’s only a prompt for upgrade calls directed to canisters listed in DAB.