Business Logic Errors (CWE-840)CVSS 4Hard

Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing

hackerone-reports

March 13, 2026

50 views

Save

€0

Vulnerability Summary

HackerOne disclosed report --> https://hackerone.com/reports/3507241 by aszx87410

Summary:

The Starknet Snap by Consensys contains a critical security vulnerability that allows malicious websites to bypass user authorization when signing messages or transactions. The vulnerability exists in the enableAuthorize parameter which can be controlled by any website. When set to false, the confirmation dialog is not shown to the user, allowing a malicious website to sign arbitrary messages or transactions without user approval, potentially leading to asset theft.

Steps To Reproduce:

Make sure MetaMask is installed
Visit https://snaps.consensys.io/starknet
Click "Connect with MetaMask" button to install the StarkNet Snap
Download the html file: "exp-starknet.html" and host it on local port 5555
Visit http://localhost:5555/exp-starknet.html
Click "start PoC" button

Identification Required

You must be logged in to read this writeup. Join our community of researchers today.

Sign In Register

Related Writeups

ZiadMomen

Business Logic Flaw Allowing Free Plan Users to Assign Restricted Roles

The bug was a Business Logic vulnerability that allowed users to access paid features while they were on a free plan.

Read Writeup →

hackerone-reports

Business Logic Bypass Allows Setting “Read Access” Role Without Pro Plan Subscription

HackerOne disclosed report --> https://hackerone.com/reports/3591764 by ziadmomen

Read Writeup →

pyus3r

Exploiting Business Logic: Inventory Depletion via Parameter Tampering

This writeup documents a critical Business Logic Error (CWE-840) discovered in the payment flow of an event-driven e-commerce platform.

LogicalBreach Academy