S07:2023 - Error Handling 🚦🤷‍♂️

Overview

Whether it's the neglect of error handling, the discreet dismissal of unhandled RPC methods, obscure error messages, or the inadvertent disclosure of sensitive information, this category stands at the esteemed rank of #7 in the Snap Security Top 10.

Description

Error handling involves the proper management and communication of errors that occur during the execution of the Snap. Inadequate error handling can lead to the exposure of sensitive information, unintended application behaviors, or denial of service. A well-designed error handling mechanism not only enhances the overall user experience by providing clear and actionable feedback but also plays a crucial role in preventing security incidents and aiding in the timely identification and resolution of issues.

  • Lack of error handling.
  • Graceful continuation after an error instead of reporting it to the caller.
  • Missing timeouts and lack of resource protection.
  • Unhelpful or misleading error messages.
  • Fragile code that lacks robust handling of data.
  • Lack of information for server-side version monitoring.
  • Unhandled exceptions may degrade Snap performance.
  • RPC handler does not return error on unhandled method.

How to Prevent

  • Use custom error messages that provide meaningful information to users without revealing sensitive details about the application's internals.
  • Avoid exposing stack traces or debugging information in error messages presented to end-users.
  • Implement comprehensive logging to record detailed information about errors, warnings, and exceptions.
  • Set up monitoring systems to promptly detect and alert on unexpected or anomalous error patterns.
  • Design the extension to gracefully degrade in the face of errors, ensuring that critical functionalities remain operational, and users are not left with a broken or insecure application.
  • Develop user-friendly error pages that guide users on how to proceed, report the issue, or access support resources.
  • Avoid exposing technical details that could be leveraged by attackers to exploit vulnerabilities.

Example Misuse Scenarios

Scenario #1: Graceful continuation

A dApp calls API methods on a Snap that do not exist. The Snap does not return an error but gracefully continues instead. The lack of error reporting to the caller may lead to errors going unnoticed.

Scenario #2: Information Disclosure

Exploiting inadequate error handling, attackers orchestrate a scenario where sensitive information, such as the Snap's state storage, is inadvertently disclosed.

For example, in an insecurely designed Snap, an error object returned to the dApp may contain the SnapStorage, revealing sensitive information.

Another example is the Snap logging sensitive information (i.e. RPC call parameters) to the browser's console.

Scenario #3: Denial of Service

Improperly managed errors may be exploited to trigger a cascade of failures, leading to a denial of service condition and rendering the extension unresponsive. For example, it was observed that Snaps that fail to handle uncaught exceptions may run into timeouts, making Snap communication less responsive.

Scenario #4: Stack Traces Exposure

In this scenario, attackers capitalize on the inadvertent exposure of stack traces within error messages. Stack traces may contain sensitive information (e.g. SnapState) and serve as a roadmap for attackers, offering a detailed view of the application's inner workings and aiding in the identification of exploitable points for further, targeted attacks.
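
The sketch below is an added example, not code from the original page or from the MetaMask Snaps project. It shows an RPC dispatcher that returns an error for unhandled methods (Scenario #1) and reduces internal exceptions to a fixed code and message so that neither state nor stack traces reach the dApp (Scenarios #2 and #4). Apart from the onRpcRequest entry point name, every identifier and the sample state are assumptions made for illustration.

```javascript
// Constructed sample state standing in for sensitive Snap storage.
const snapState = { secretNote: 'constructed-secret', counter: 0 };

// Errors deliberately meant for the caller: safe message, stable code.
class PublicRpcError extends Error {
  constructor(code, message) {
    super(message);
    this.code = code;
  }
}

// Hypothetical method table for this example.
const handlers = {
  increment: () => ({ counter: ++snapState.counter }),
  // Simulates a bug whose error message embeds the Snap state.
  buggy: () => {
    throw new Error(`write failed for ${JSON.stringify(snapState)}`);
  },
};

// Reduce any thrown value to { code, message }: no stack, no state.
function toSafeError(err) {
  if (err instanceof PublicRpcError) {
    return { code: err.code, message: err.message };
  }
  return { code: -32603, message: 'Internal error' }; // JSON-RPC internal error
}

// Synchronous core: every request ends in a result or a sanitized error.
function dispatch(request) {
  try {
    // Own-property check so 'constructor' or '__proto__' never resolve.
    if (!Object.prototype.hasOwnProperty.call(handlers, request.method)) {
      throw new PublicRpcError(-32601, 'Method not found'); // JSON-RPC code
    }
    return { result: handlers[request.method](request.params) };
  } catch (err) {
    return { error: toSafeError(err) };
  }
}

// Entry point shape used by Snaps (exported in a real Snap). It rethrows
// only the sanitized code and message, so the caller sees a failure
// instead of a silent success.
const onRpcRequest = async ({ request }) => {
  const { result, error } = dispatch(request);
  if (error) throw new PublicRpcError(error.code, error.message);
  return result;
};
```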