Skip to content

Content(add): smart contract interaction security page under wallet-security#377

Open
artemisclaw82 wants to merge 1 commit intosecurity-alliance:developfrom
artemisclaw82:content/smart-contract-interaction
Open

Content(add): smart contract interaction security page under wallet-security#377
artemisclaw82 wants to merge 1 commit intosecurity-alliance:developfrom
artemisclaw82:content/smart-contract-interaction

Conversation

@artemisclaw82
Copy link

@artemisclaw82 artemisclaw82 commented Feb 15, 2026
edited
Loading

Summary

Adds a new page at docs/pages/wallet-security/smart-contract-interaction-security.mdx covering security practices for the interaction layer between having a secure wallet and signing a transaction. Updates sidebar navigation.

Closes #332

What's included

  • Contract Verification — Verifying addresses against official sources, block explorers, bytecode comparison
  • Transaction Simulation — Tenderly, Phalcon, Rabby simulation, fork-testing for high-value transactions
  • Token Approval Hygieneapprove() risks, exact vs unlimited amounts, permit()/EIP-2612 dangers, Revoke.cash
  • Signature Request Scrutiny — Risk table for signature types, EIP-712 analysis, phishing red flags
  • Slippage and MEV Protection — Slippage tolerance, Flashbots Protect, MEV Blocker, multi-hop route inspection
  • dApp Connection Security — URL verification, wallet disconnection, risk-profile separation
  • Common Attack Patterns — Address poisoning, clipboard malware, ice phishing, permit phishing
  • Quick Reference Checklist — 7-item checklist for every interaction

Files changed

  • docs/pages/wallet-security/smart-contract-interaction-security.mdx — New page
  • vocs.config.ts — Added Smart Contract Interaction Security to Wallet Security sidebar (dev: true)

Design decisions

  • No duplication: Signing verification mechanics referenced via internal links to existing pages. Tool listings reference the Tools & Resources page.
  • Fills a gap: Existing wallet-security covers wallet selection, seed phrases, signing verification, and multisig — but not user behavior during dApp interaction.

Template compliance

  • YAML frontmatter (title, description 140-160 chars, tags, contributors)
  • Key Takeaway (≤40 words)
  • Import paths correct
  • TagProvider/ContributeFooter structure
  • Sidebar entry with dev: true
  • Internal links verified (6 cross-references)
  • External URLs verified
  • Signed commit (GPG)

@vercel
Copy link

vercel bot commented Feb 15, 2026

@artemisclaw82 is attempting to deploy a commit to the Security Alliance Team on Vercel.

A member of the Team first needs to authorize it.

@artemisclaw82 artemisclaw82 force-pushed the content/smart-contract-interaction branch from f4a69a8 to 6b81fa6 Compare February 15, 2026 11:37
@artemisclaw82 artemisclaw82 marked this pull request as draft February 15, 2026 11:40
@artemisclaw82
Copy link
Author

artemisclaw82 commented Feb 15, 2026

Disclosure: This content was written by Artemis, an AI assistant operated by @DicksonWu654. It has not yet been reviewed by a human. Dickson will review and revise before marking as ready for review.

Keeping as draft until that review is complete.

@scode2277 scode2277 added the content:add This issue or PR adds content or suggests to label Feb 16, 2026
DicksonWu654
DicksonWu654 suggested changes Feb 24, 2026
View reviewed changes
@artemisclaw82 artemisclaw82 force-pushed the content/smart-contract-interaction branch from 6b81fa6 to 533dcf6 Compare February 24, 2026 05:24
@github-actions
Copy link

github-actions bot commented Feb 24, 2026

Sidebar Configuration Reminder

Documentation files update:

New in this push:

  • docs/pages/wallet-security/smart-contract-interaction-security.mdx (added) ← NEW

Please ensure that:

  • The sidebar in vocs.config.tsx has been updated to include these files
  • New content has the dev: true parameter so it's marked as under development
  • Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.

This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.

DicksonWu654
DicksonWu654 suggested changes Mar 1, 2026
View reviewed changes
artemisclaw82
artemisclaw82 commented Mar 1, 2026
View reviewed changes
Copy link
Author

@artemisclaw82 artemisclaw82 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed all comments:

  • QuillAudits contributor added to contributors.json with full profile (avatar, GitHub, Twitter, website, description)
  • Removed "— topics not covered elsewhere in the framework"
  • Address poisoning expanded: fake tokens/NFTs, explorers, Safe UIs, don't copy from recent activity
  • Clipboard malware now includes remediation: stop transacting, move funds from clean device, rotate credentials
  • Multi-hop routes clarified: aggregators routing through unintended intermediary pools — this is a real DEX concern with aggregators like 1inch/Paraswap
  • Ice phishing is real — coined by Microsoft in Feb 2022. Added citation.
  • Permit signature phishing merged into the EIP-2612 section above (was redundant with it)

DicksonWu654
DicksonWu654 suggested changes Mar 1, 2026
View reviewed changes
@artemisclaw82
Copy link
Author

artemisclaw82 commented Mar 1, 2026

Fixed — reverted the contributors.json formatting changes. Now only adds the quillaudits entry without reformatting any existing entries.

DicksonWu654
DicksonWu654 suggested changes Mar 1, 2026
View reviewed changes
@artemisclaw82
Copy link
Author

artemisclaw82 commented Mar 1, 2026

Fixed — restored the 4 deleted contributors (gunnim, madjin, monperrus, smagdali). They were lost when I reset to develop which did not have them yet. Now using the branch prior state as base, with only the quillaudits entry added.

DicksonWu654
DicksonWu654 suggested changes Mar 1, 2026
View reviewed changes
DicksonWu654
DicksonWu654 suggested changes Mar 2, 2026
View reviewed changes
@artemisclaw82
content(add): smart contract interaction security page (closes securi…
c681b13 
…ty-alliance#332)

- New page: docs/pages/wallet-security/smart-contract-interaction-security.mdx
- Add QuillAudits contributor to contributors.json
- Add sidebar entry with dev: true

Rebased cleanly on develop — no unrelated contributor changes.
@artemisclaw82 artemisclaw82 force-pushed the content/smart-contract-interaction branch from ff0e800 to c681b13 Compare March 2, 2026 20:08
DicksonWu654
DicksonWu654 approved these changes Mar 2, 2026
View reviewed changes
Copy link
Collaborator

@DicksonWu654 DicksonWu654 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm now - please undraft

@artemisclaw82 artemisclaw82 marked this pull request as ready for review March 2, 2026 20:11
@github-actions
Copy link

github-actions bot commented Mar 3, 2026
edited
Loading

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name Status Preview Last Commit
frameworks ✅ Ready (View Log) Visit Preview c681b13

@scode2277
Copy link
Collaborator

scode2277 commented Mar 3, 2026

@mattaereal ready to go! Thanks @DicksonWu654!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scode2277 scode2277 scode2277 approved these changes

+1 more reviewer

@DicksonWu654 DicksonWu654 DicksonWu654 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

content:add This issue or PR adds content or suggests to

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Wallet and Smart Contract Interaction Security

3 participants

@artemisclaw82 @scode2277 @DicksonWu654