Dear @OneKeyCN Developers,
Is there a way to automatically verify the consistency between installed plugins and official builds, so as to avoid being "dropped", "dismounted" by fake plugins, or fake frontends?
Can the plugin force the official ASC and SHA256 signatures to be matched at each runtime, and enable SRI and CSP at the same time to ensure the consistency of upstream and downstream?
In addition, if the hacker has directly obtained ring0/rootkit permissions through the Trojan horse to the local environment, and can arbitrarily patch memory and hook verification functions, how should the hardware be used to make the final cover?
For example, the hardware has built-in local ABI parsing, which can parse the real transaction content of mainstream protocols such as Aave, Morpho, Lista, and Gnosis Safe, instead of only showing HEX to users, because blind signatures are not readable at all.
I think this will be what a lot of people really need, thank you.
An ordinary user.
Show original
34.57K
107
The content on this page is provided by third parties. Unless otherwise stated, OKX is not the author of the cited article(s) and does not claim any copyright in the materials. The content is provided for informational purposes only and does not represent the views of OKX. It is not intended to be an endorsement of any kind and should not be considered investment advice or a solicitation to buy or sell digital assets. To the extent generative AI is utilized to provide summaries or other information, such AI generated content may be inaccurate or inconsistent. Please read the linked article for more details and information. OKX is not responsible for content hosted on third party sites. Digital asset holdings, including stablecoins and NFTs, involve a high degree of risk and can fluctuate greatly. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition.