Leap Wallet Airdrop Review: Super Wallet for Terra

About Leap Wallet Airdrop

Leap Wallet Airdrop is a next-generation wallet for Terra that brings dApp access, staking, DeFi, NFTs, identity, social, web3 and web2 app interactions into one platform. They aim to become the most user-friendly crypto wallet for Terra and your gateway to every exciting aspect of the Terraverse.

Leap Wallet is airdropping 125,000 LEAP per day to users who make swaps, stake and do Anchor deposits from the wallet. Download the app for Chromium browsers and do swaps, stake and make Anchor deposits to get a share of the daily pool. The rewards will be calculated and distributed within 24 hours.

Platform: Solana
Airdrop ends: 2022-08-08
Max. Participants: Unlimited
Website: Click Here To Visit

Step No 1

Register for the Leap Wallet Airdrop by creating an account.

Step No 2

Verify your email & log in to your account.

Step No 3

Take part in the referral program and invite 3 friends.

Step No 4

Join the Leap Wallet Airdrop Telegram group & Telegram channel.

Step No 5

Follow Leap Wallet Airdrop on Twitter & like/share the pinned tweet and tag 3 friends.  

Step No 6

Like/follow Leap Wallet Airdrop on Facebook & like/share the pinned post.  

Step No 7

Submit your details to the Leap Wallet Airdrop form. 

Super Wallet for Terra

Leap Wallet is the simplest & safest way to store, send, swap and stake tokens on the Terra blockchain.

Why Leap?

Safety & Privacy First – Leap is a non-custodial wallet, which means it doesn’t keep your keys.

Instant, In-wallet Swaps – Swap with Terraswap, Astroport & Loop at the best prices.

Protocol Integrations – Explore Anchor, Stader & many other Terra dapps in-wallet.

Staking, Simplified – Earn rewards by staking directly inside your wallet.

Show Off Your NFTs – View your NFT collections, track floor prices and send them to friends.

Portfolio Tracking – Check your net worth and asset breakdown across different types and protocols.

Test Approach

Halborn performed a combination of manual and automated security testing to balance efficiency, timeliness, practicality, and accuracy regarding the scope of the pentest. While manual testing is recommended to uncover flaws in logic, process and implementation, automated testing techniques help enhance coverage of the infrastructure and can quickly identify flaws in it. The following phases and associated tools were used throughout the term.

• Storing private keys, mnemonic, seed, and assets securely
• Exposure of any critical information during user interactions with the blockchain and external libraries
• Any attack that impacts funds, such as draining or manipulating of funds
• Application Logic Flaws
• Areas where insufficient validation allows for hostile input
• Exploitation of the webview to gain control of the wallet
• Application of cryptography to protect secrets
• Brute Force Attempts
• Input Handling
• Fuzzing of all input parameters
• Test for Injection (XSS/JSON/HTML)
• Web extension misconfiguration

Risk Methodology

Vulnerabilities or issues observed by Halborn are ranked based on the risk assessment methodology by measuring the LIKELIHOOD of a security incident and the IMPACT should an incident occur. This framework works for communicating the characteristics and impacts of technology vulnerabilities.

The quantitative model ensures repeatable and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the Risk scores. For every vulnerability, a risk level will be calculated on a scale of 5 to 1 with 5 being the highest likelihood or impact.

Automatically

Leap Wallet allows the user to automatically fetch/show NFT images associated with the user’s wallet. A highly motivated actor could craft many NFTs, send them to a victim and obtain their IP address, thereby compromising their privacy. If malicious actors get additional information from the IP address (think geolocation, GSM operator, etc.),

Solutions

One of the solutions would be for the wallet app to require an explicit confirmation from the user to access the domain abc.xyz when fetching the remote image of the NFT, informing the user that this may result in an IP address leak. Another option would be to fetch the remote image in the backend or any kind of network middleware and not in the wallet app.
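The two mitigations above can be expressed as a single gate that every NFT image URL passes through before the wallet UI renders it. This is an added example, not code from Leap Wallet or from the Halborn report; the function names, the proxy endpoint and the sample hosts are hypothetical.

```javascript
// Added example; PROXY_BASE, classifyNftImage and hostsNeedingConsent are hypothetical names.
const PROXY_BASE = "https://img-proxy.example/fetch?u="; // placeholder backend endpoint

// Decide what the wallet UI may do with one NFT image URL.
// mode "confirm": direct fetch only from hosts the user has approved.
// mode "proxy":   every remote fetch goes through the backend instead.
function classifyNftImage(rawUrl, approvedHosts, mode = "confirm") {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (err) {
    return { action: "block", reason: "unparseable URL" };
  }
  // Inline raster data: URIs are rendered from the URI itself, with no remote host involved.
  if (url.protocol === "data:") {
    return /^data:image\/(png|jpeg|gif|webp)[;,]/i.test(url.href)
      ? { action: "render", src: url.href }
      : { action: "block", reason: "unsupported data URI" };
  }
  if (url.protocol !== "https:") {
    return { action: "block", reason: "scheme not allowed: " + url.protocol };
  }
  // url.hostname is lowercased and excludes any userinfo placed before '@'.
  const host = url.hostname.replace(/\.$/, "");
  if (mode === "proxy") {
    return { action: "render", src: PROXY_BASE + encodeURIComponent(url.href) };
  }
  if (approvedHosts.has(host)) {
    return { action: "render", src: url.href };
  }
  return { action: "ask", host };
}

// Collapse a whole collection into one consent prompt per unseen host,
// so a flood of crafted NFTs cannot cause a fetch or a prompt per item.
function hostsNeedingConsent(imageUrls, approvedHosts) {
  const pending = new Set();
  for (const u of imageUrls) {
    const d = classifyNftImage(u, approvedHosts, "confirm");
    if (d.action === "ask") pending.add(d.host);
  }
  return [...pending].sort();
}
```

In proxy mode the remote host sees only the backend's address, so the trust decision moves from each image host to the operator of that backend.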