![]() ![]() Malicious extension/plugin might be able to read tokens from sqlite database the browser uses to store tokens if file level access is given to the extension/plugin, allowing potentially votes to be cast by said extension/plugin using user’s tokens.MITM - between user and payment service, payment service and challenge bypass.Publicly exposed endpoints ( payments service ).Funding source for transactions (Uphold).Unauthorized access to orders and transactions.Replay of already redeemed voting tokens.Malicious user modifying voting payload.Brave using transaction information to identify the user.“Replaying” the same transaction against multiple different orders.User sending funds with the wrong amount or to the wrong destination ( e.g. ![]() Server secrets being leaked, the signing key, database credentials, etc.DDoS against publicly exposed endpoints ( payments service ).User computers, Brave browser installation with stored secrets.Lay the groundwork for the full featured SKUs product.Eliminate the usage of anonize in favor of a privacy pass based protocol.Allow us to distinguish between user and anonymous card funds.Prevent auto-contribute from being under-funded ( a user should not be able to contribute more funds than were transferred to Brave ).Allow the user to contribute to publishers in proportion to their attention without revealing their browsing history in a linkable way with user funds and anonymous card funds.
0 Comments
Leave a Reply. |