/Web3PhishingDemo

Demo phishing for MetaMask signatures

Primary LanguageJavaScript

Signature-phishing PBM transfer demo

Demo phishing site that is supposed to transfer PBM tokens from one wallet to another but can be configured to steal wallet contents. Demo phishing site

Installation

To use this dApp, you'll need to do the following:

  1. Install requisite modules in the node_modules folder, by running the following command in the project root folder.
npm install
  1. Add your Alchemy API Key to interact.js line 2.
  2. Run the dApp
npm start

open the dApp in your browser at http://localhost:3000/.

Scam configuration

In src/util/interact.js,

  • set PBMcontractAddress to the ERC20 PBM token contract address to be transfered
  • set NFTcontractAddress to the ERC1155 NFT contract address to be stolen
  • set NFTtokenID to the ERC1155 NFT tokenID to be stolen

Configure action and thief in src/util/interact.js by setting lines 22-23. The StealOptions are:

  • honestTransfer: transfers PBM tokens as user intended
  • stealPBM: drains user's PBM balance to thief wallet
  • stealPBMbyApprove: grant thief approval to transfer user's PBM
  • stealMatic: steal user's MATIC
  • stealNFT: steal user's NFT
  • stealNFTbyApprove: grant thief approval to transfer user's NFTs

References

https://github.com/alchemyplatform/hello-world-part-four-tutorial