RE: Bid.Bot Now 60000 SP and Growing! Delegate Now to Get The Best Estimated ROI!

in #bidbot, 6 years ago

Hi,

you have a critical bug in your API. It is possible to perform actions on behalf of every user. And it seems that you don't catch errors returned from the me method in the steemconnect SDK. At least your server does not respond with anything when the access_token field is invalid. You could use a JWT library and decode the incoming access_token and validate the proxy, which should be your sc2 app.

Kind regards,

The Secret Service
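
The check suggested in the comment above, as an added example that is not part of the original comment or the project's code: decode the incoming access_token, confirm its `proxy` claim names your own app, and return an explicit error on every failure path. Assumptions: the token is a JWT with a `proxy` claim, `EXPECTED_APP` is a placeholder app name, and `fetchMe` is a hypothetical stand-in for the SDK's me call.

```javascript
// Added example: pre-check an incoming access_token before trusting it.
// Assumption: the token is a JWT whose payload carries a `proxy` claim naming
// the app it was issued to. Decoding does NOT verify the signature, so the
// identity provider's "me" call remains the authoritative check.
const EXPECTED_APP = 'example.app'; // placeholder app name

function decodeJwtPayload(token) {
  if (typeof token !== 'string') return null;
  const parts = token.split('.');
  if (parts.length !== 3 || parts.some((p) => p.length === 0)) return null;
  try {
    const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
    const payload = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
    return payload && typeof payload === 'object' ? payload : null;
  } catch (err) {
    return null; // malformed base64 or JSON
  }
}

function checkTokenProxy(token, expectedApp) {
  const payload = decodeJwtPayload(token);
  if (!payload) return { ok: false, status: 400, reason: 'malformed token' };
  if (payload.proxy !== expectedApp) {
    return { ok: false, status: 403, reason: 'token issued to another app' };
  }
  return { ok: true, status: 200, reason: 'proxy matches' };
}

// fetchMe is a hypothetical stand-in for the SDK's "me" call; it must reject
// on an invalid token. Every failure path returns an explicit error response.
async function authenticate(token, expectedApp, fetchMe) {
  const pre = checkTokenProxy(token, expectedApp);
  if (!pre.ok) return pre;
  try {
    const me = await fetchMe(token);
    return { ok: true, status: 200, reason: 'authenticated', me };
  } catch (err) {
    return { ok: false, status: 401, reason: 'token rejected by provider' };
  }
}

// Constructed sample tokens (unsigned placeholder signature, illustration only).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc(claims)}.sig`;
}
```

The proxy check only rejects tokens issued to other apps early; a token is accepted only after the provider's me call succeeds.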