Medium · CVSS 4 · Business Logic Errors (CWE-840)

Authorization Bypass in Starknet Snap via enableAuthorize parameter leads to unauthorized transaction signing

Vulnerability Summary

HackerOne disclosed report by aszx87410: https://hackerone.com/reports/3507241

Summary:

The Starknet Snap by Consensys contains a critical security vulnerability that allows malicious websites to bypass user authorization when signing messages or transactions. The vulnerability exists in the enableAuthorize parameter which can be controlled by any website. When set to false, the confirmation dialog is not shown to the user, allowing a malicious website to sign arbitrary messages or transactions without user approval, potentially leading to asset theft.

Steps To Reproduce:

  1. Make sure MetaMask is installed
  2. Visit https://snaps.consensys.io/starknet
  3. Click "Connect with MetaMask" button to install the StarkNet Snap
  4. Download the HTML file "exp-starknet.html" and host it on local port 5555
  5. Visit http://localhost:5555/exp-starknet.html
  6. Click "start PoC" button
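
The flaw class described in the summary, shown as an added example (not code from the report or from the Starknet Snap): a handler that lets a caller-supplied `enableAuthorize` flag decide whether the user is asked, beside one way to harden it. Every name other than `enableAuthorize` is hypothetical, and the confirmation dialog and signer are injected stubs modelled synchronously.

```javascript
// Added illustration: minimal model of a wallet-extension signing handler.
// Only `enableAuthorize` comes from the report; all other names are hypothetical.

// Vulnerable pattern: the untrusted caller decides whether the user is prompted.
function signMessageVulnerable(request, deps) {
  const { typedData, enableAuthorize } = request.params;
  if (enableAuthorize !== false) {
    if (!deps.confirm(request.origin, typedData)) {
      throw new Error("User rejected the request");
    }
  }
  return deps.sign(typedData); // reached with no dialog when the flag is false
}

// Hardened pattern: confirmation is unconditional, and authorization-control
// fields arriving in dapp-supplied params are rejected outright.
const CALLER_FORBIDDEN_FIELDS = ["enableAuthorize"];

function signMessageHardened(request, deps) {
  const params = request.params ?? {};
  for (const field of CALLER_FORBIDDEN_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(params, field)) {
      throw new Error(`Parameter not allowed from dapp origin: ${field}`);
    }
  }
  if (!deps.confirm(request.origin, params.typedData)) {
    throw new Error("User rejected the request");
  }
  return deps.sign(params.typedData);
}

// Constructed harness: counts dialog displays and signatures for one request.
function runWith(handler, params, userApproves) {
  const log = { prompted: 0, signed: 0, error: null };
  const deps = {
    confirm: () => { log.prompted += 1; return userApproves; },
    sign: (data) => { log.signed += 1; return `sig(${JSON.stringify(data)})`; },
  };
  try {
    handler({ origin: "https://dapp.example", params }, deps);
  } catch (err) {
    log.error = err.message;
  }
  return log;
}
```

A regression test for this class of bug should assert that no request shape reaches the signer without the dialog having been shown and approved.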
