Safe dApp Interaction
Learn how SuperSafe's AllowList system and security features protect you when interacting with decentralized applications.
Security Overview
SuperSafe Wallet implements multiple layers of security to protect you when connecting to and interacting with dApps, including the AllowList system, origin validation, and phishing protection.
Security Score: 96/100
dApp Security Features:
├── AllowList System: 98/100 ✓
├── Origin Validation: 95/100 ✓
├── Phishing Protection: 94/100 ✓
├── Permission Management: 96/100 ✓
└── Transaction Security: 97/100 ✓
AllowList Security System
What is the AllowList?
The AllowList is an allowlist of dApp origins that have been reviewed and marked as trusted. A dApp whose origin is on the list with allowed: true connects normally; an origin explicitly marked allowed: false is blocked; an origin that is not on the list at all is treated as unknown, shown with a warning, and given only limited access. Because policies are keyed on the full origin (scheme, host and port), a phishing page on a different host cannot borrow a trusted dApp's entry.
AllowList Benefits
- Phishing Protection: requests from origins that are not on the list are warned about or blocked before any account or signing method is exposed
- Trusted dApps Only: only dApps that have been reviewed and added to the list connect without a warning
- Automatic Protection: the check runs on every connection request, with no configuration by the user
- Regular Updates: the AllowList is updated regularly as dApps are added, changed, or blocked
AllowList Structure
Policy Format
{
  "policies": {
    "https://app.uniswap.org": {
      "allowed": true,
      "networks": ["0x1", "0xa", "0x14a2"],
      "permissions": ["eth_requestAccounts", "eth_sendTransaction"],
      "description": "Uniswap - Decentralized Exchange",
      "lastUpdated": "2024-01-15",
      "riskLevel": "low"
    },
    "https://opensea.io": {
      "allowed": true,
      "networks": ["0x1", "0xa"],
      "permissions": ["eth_requestAccounts", "eth_sendTransaction", "personal_sign"],
      "description": "OpenSea - NFT Marketplace",
      "lastUpdated": "2024-01-15",
      "riskLevel": "low"
    }
  }
}
Policy Fields
- allowed: whether the dApp may connect (false blocks it outright)
- networks: chain IDs the dApp may use, as hex strings (0x1 is Ethereum mainnet, 0xa is OP Mainnet)
- permissions: JSON-RPC methods the dApp may call through the EIP-1193 provider (eth_requestAccounts, eth_sendTransaction, personal_sign, and so on)
- description: human-readable dApp description
- lastUpdated: date of the last policy update (YYYY-MM-DD)
- riskLevel: security risk level (low, medium, high)
AllowList Enforcement
Connection Validation Process
Connection Validation:
├── Extract Origin URL
├── Check AllowList
├── If Allowed:
│   ├── Validate Network Compatibility
│   ├── Check Permission Requirements
│   ├── Verify TLS (SSL) Certificate
│   └── Allow Connection
└── If Not Allowed:
    ├── Show Security Warning
    ├── Block Connection
    └── Log Security Event
Validation Steps
- Origin Extraction: determine the requesting page's origin (scheme, host and port); this value comes from the browser, since anything the page says about itself could be forged
- AllowList Lookup: match the full origin against the policy keys, so http://app.uniswap.org or https://app.uniswap.org.evil.com do not match the https://app.uniswap.org entry
- Network Validation: confirm that the chain the dApp is using, or asks to switch to, is in the policy's networks list
- Permission Check: confirm that each requested JSON-RPC method is in the policy's permissions list
- Security Verification: confirm that the page was served over HTTPS with a valid TLS certificate
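The policy format and the validation steps above can be exercised end to end with a small evaluator. The following is an added example, not SuperSafe's own code: evaluateRequest and normalizeOrigin are hypothetical names, the policy data is the page's own example plus one constructed "blocked" entry, and the sender URL is assumed to be the browser-reported URL of the requesting page.

```javascript
// Added example (not SuperSafe's own code): evaluate a dApp connection request
// against an AllowList policy object of the shape documented above.
// evaluateRequest/normalizeOrigin are hypothetical names; the policy data is
// the page's own example plus one constructed "blocked" entry.

const POLICIES = {
  "https://app.uniswap.org": {
    allowed: true,
    networks: ["0x1", "0xa", "0x14a2"],
    permissions: ["eth_requestAccounts", "eth_sendTransaction"],
    riskLevel: "low",
  },
  "https://opensea.io": {
    allowed: true,
    networks: ["0x1", "0xa"],
    permissions: ["eth_requestAccounts", "eth_sendTransaction", "personal_sign"],
    riskLevel: "low",
  },
  // constructed entry: an origin that has been explicitly blocked
  "https://drainer.example": { allowed: false, networks: [], permissions: [], riskLevel: "high" },
};

// Reduce a URL to its origin (scheme + host + port): the host is lower-cased,
// the default port is dropped, and path, query and fragment are discarded.
// Throws on input that is not a URL.
function normalizeOrigin(rawUrl) {
  return new URL(rawUrl).origin;
}

// Decide allow / warn / block for one JSON-RPC request. `senderUrl` must be the
// browser-reported URL of the requesting page, never a value the page sends.
function evaluateRequest(policies, senderUrl, chainId, method) {
  let origin;
  try {
    origin = normalizeOrigin(senderUrl);
  } catch (e) {
    return { decision: "block", reason: "unparseable sender URL" };
  }
  if (!origin.startsWith("https://")) {
    return { decision: "block", reason: "non-HTTPS origin", origin };
  }
  // hasOwnProperty guards against keys inherited from Object.prototype.
  const policy = Object.prototype.hasOwnProperty.call(policies, origin) ? policies[origin] : undefined;
  if (policy === undefined) {
    // Not listed at all: the "Unknown dApp (Yellow)" case, warn and restrict.
    return { decision: "warn", reason: "origin not in AllowList", origin };
  }
  if (policy.allowed !== true) {
    return { decision: "block", reason: "origin is blocked in AllowList", origin };
  }
  if (!policy.networks.includes(String(chainId).toLowerCase())) {
    return { decision: "block", reason: `chain ${chainId} not permitted`, origin };
  }
  if (!policy.permissions.includes(method)) {
    return { decision: "block", reason: `method ${method} not permitted`, origin };
  }
  return { decision: "allow", origin, riskLevel: policy.riskLevel };
}

// Usage with constructed inputs: the real origin passes, a lookalike host that
// embeds it is only "unknown", and a plain-HTTP copy is refused outright.
console.log(evaluateRequest(POLICIES, "https://app.uniswap.org:443/swap?x=1", "0x1", "eth_requestAccounts").decision); // allow
console.log(evaluateRequest(POLICIES, "https://app.uniswap.org.evil.com/swap", "0x1", "eth_requestAccounts").decision); // warn
console.log(evaluateRequest(POLICIES, "http://app.uniswap.org", "0x1", "eth_requestAccounts").decision); // block
```

The origin comparison is deliberately exact: no prefix or suffix matching on the host, no path, and the scheme is part of the key, which is what makes the subdomain-of-an-attacker case fall into "unknown" rather than "trusted".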
Origin Validation
URL Security Checks
HTTPS Requirement
- HTTPS Only: connections are accepted only from https:// origins; plain http:// pages are refused
- Certificate Validation: the page's TLS (SSL) certificate must be valid
- Domain Verification: the host must match an AllowList entry exactly
- Subdomain Support: a policy can target a specific subdomain, such as app.uniswap.org rather than uniswap.org
Domain Validation
- Domain Check: compare the host name against the policy
- Certificate Check: the certificate must be issued for that host
- Expiration Check: the certificate must not be expired
- Chain Validation: the certificate must chain to a trusted root
Phishing Protection
Visual Security Indicators
Security Status Indicators:
├── Trusted dApp (Green)
│   ├── AllowList Verified
│   ├── TLS Certificate Valid
│   ├── Low Risk Level
│   └── Full Access Allowed
├── Unknown dApp (Yellow)
│   ├── Not in AllowList
│   ├── TLS Certificate Valid
│   ├── Medium Risk Level
│   └── Limited Access
└── Blocked dApp (Red)
    ├── Blocked in AllowList
    ├── Invalid Certificate
    ├── High Risk Level
    └── No Access
Security Warnings
- Trusted dApp: green indicator, full access
- Unknown dApp: yellow indicator, limited access
- Blocked dApp: red indicator, no access
- Security Warning: an explicit warning is shown before any connection to an unknown or blocked dApp
Phishing Detection
Common Phishing Patterns
- Domain Spoofing: lookalike domains, such as typosquats, homoglyph or punycode hosts, or a trusted name used as a subdomain of an attacker's domain (app.uniswap.org.evil.com)
- Certificate Issues: invalid or mismatched TLS certificates; note that a valid certificate does not prove a site is legitimate, since phishing sites routinely obtain one
- Suspicious URLs: suspicious URL patterns, such as a trusted brand name appearing inside an unrelated host
- Known Malicious: domains already reported as malicious
Detection Methods
- Domain Analysis: compare the host name against trusted domains (edit distance, confusable characters, embedded brand names)
- Certificate Analysis: check the certificate's validity, host match and chain
- Pattern Matching: match the URL against known phishing patterns
- Reputation Checking: look up the domain in reputation and blocklist data
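The domain-analysis and pattern-matching methods above can be made concrete with a few host-name heuristics. This is an added example, not SuperSafe's detection code: TRUSTED_HOSTS, the confusable table, the two-label approximation of the registrable domain, and the sample hosts are all constructed for illustration, and a production check would consult the Public Suffix List instead of taking the last two labels.

```javascript
// Added example (not SuperSafe's own code): "Domain Analysis" and "Pattern
// Matching" heuristics applied to a request's host name.
// TRUSTED_HOSTS, the confusable table and the sample hosts are constructed.

const TRUSTED_HOSTS = ["app.uniswap.org", "opensea.io"];

// Approximate the registrable domain as the last two labels. This is enough
// for .org/.io; a production check should consult the Public Suffix List so
// that hosts under suffixes such as co.uk are handled (assumption noted).
function registrableDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Standard Levenshtein edit distance with a single rolling row.
function levenshtein(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j];
      row[j] = Math.min(row[j] + 1, row[j - 1] + 1, diag + (a[i - 1] === b[j - 1] ? 0 : 1));
      diag = tmp;
    }
  }
  return row[b.length];
}

// Undo common ASCII look-alike substitutions before measuring distance.
const CONFUSABLES = [["0", "o"], ["1", "l"], ["3", "e"], ["5", "s"], ["7", "t"], ["vv", "w"], ["rn", "m"]];
function deconfuse(s) {
  return CONFUSABLES.reduce((acc, [from, to]) => acc.split(from).join(to), s.toLowerCase());
}

// Returns the list of lookalike signals for `host`; an empty list means none.
function analyzeHost(host, trusted = TRUSTED_HOSTS) {
  const h = host.toLowerCase();
  const findings = [];
  if (trusted.includes(h)) return findings;                 // exact trusted host
  if (h.split(".").some((label) => label.startsWith("xn--"))) {
    findings.push("punycode label (possible homoglyph domain)");
  }
  const hDom = registrableDomain(h);
  for (const t of trusted) {
    const tDom = registrableDomain(t);
    if (hDom === tDom) continue;                             // same site, just another subdomain
    const brand = tDom.split(".")[0];
    if (h.includes(brand)) {
      findings.push(`trusted name "${brand}" embedded in untrusted domain ${hDom}`);
    }
    const dist = levenshtein(deconfuse(hDom), tDom);
    if (dist > 0 && dist <= 2) {
      findings.push(`typosquat of ${tDom} (edit distance ${dist})`);
    }
  }
  return findings;
}

// Constructed sample hosts: one legitimate, three lookalikes.
for (const host of ["docs.uniswap.org", "app.uniswap.org.evil.com", "un1swap.org", "xn--pensea-abc.io"]) {
  console.log(host, "->", analyzeHost(host));
}
```

Each finding is only a signal: a host that trips one of them is shown as unknown with a warning rather than silently blocked, and a host that trips none is still not trusted unless it is on the AllowList.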
Permission Management
Permission Types
Account Access
- View Address: read the connected account address (eth_requestAccounts, eth_accounts)
- View Balance: read token balances
- View Transactions: read transaction history
- Account Information: access account details
Transaction Permissions
- Send Transactions: submit transactions (eth_sendTransaction)
- Sign Transactions: sign transactions without broadcasting them
- Approve Tokens: approve token spending (ERC-20 approve, ERC-721/ERC-1155 setApprovalForAll)
- Contract Interaction: call smart contracts
Message Signing
- Sign Messages: sign arbitrary messages
- Personal Sign: EIP-191 prefixed message signing (personal_sign)
- Typed Data Sign: EIP-712 typed data signing (eth_signTypedData_v4)
- Authentication: login challenges signed with one of the methods above
Network Permissions
- Switch Networks: switch between networks (wallet_switchEthereumChain, EIP-3326)
- Add Networks: add custom networks (wallet_addEthereumChain, EIP-3085)
- Network Information: access network information
- Chain ID: read the current chain ID (eth_chainId)
Permission Granularity
Permission Levels
- Full Access: all permissions granted
- Limited Access: specific permissions only
- Read Only: read-only permissions (addresses and balances, no signing or sending)
- Custom: user-defined permissions
Permission Lifecycle
- Per-dApp: permissions are granted per origin, so one dApp's grant never applies to another
- Time-Limited: permissions can be given an expiry
- Revocable: permissions can be revoked at any time
- Auditable: the history of grants and revocations is tracked
Connection Security
Connection Request Validation
Request Analysis
- Origin Verification: verify the request origin against the AllowList
- Permission Analysis: analyze the requested permissions and flag any beyond what the dApp's policy allows
- Network Compatibility: check network compatibility
- Security Assessment: assess the security risk of the request
User Consent
- Clear Information: show the origin, the requested permissions and the network
- Permission Explanation: explain what each permission lets the dApp do
- Risk Assessment: show the security risk level
- User Decision: the user makes an informed decision; nothing is granted without it
Connection Monitoring
Real-time Monitoring
- Activity Tracking: track dApp activity
- Permission Usage: monitor which permissions each dApp actually uses
- Suspicious Activity: detect suspicious activity
- Security Events: monitor security events
Security Alerts
- High Priority: critical security alerts
- Medium Priority: important security alerts
- Low Priority: informational alerts
- Custom Alerts: user-defined alerts
Transaction Security
Transaction Validation
Transaction Analysis
- Recipient Validation: validate the recipient address
- Amount Verification: verify the transaction amount and, for token approvals, the allowance being granted
- Gas Estimation: estimate gas requirements
- Risk Assessment: assess transaction risk
Security Checks
- Address Checksum: verify the EIP-55 mixed-case checksum of the recipient address
- Balance Check: check that the balance covers the value plus the maximum fee
- Network Validation: validate that the transaction targets the connected network
- Contract Verification: check whether the target contract is known and verified
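The analysis and security checks above, applied to one eth_sendTransaction request, look like the following. This is an added example rather than SuperSafe's own transaction analyzer: the selector table is the standard ERC-20/ERC-721 ABI (the first four bytes of keccak256 of each signature), while analyzeTransaction, the token and spender addresses, the sample transaction and the context object are constructed for illustration. EIP-55 checksum verification needs keccak-256 and is left to a library; only the address format is checked here.

```javascript
// Added example (not SuperSafe's own code): pre-signing analysis of an
// eth_sendTransaction request. Selectors are the standard ERC-20/ERC-721 ABI;
// everything else (names, addresses, sample tx, context) is constructed.

const SELECTORS = {
  "0x095ea7b3": "approve(address,uint256)",
  "0xa9059cbb": "transfer(address,uint256)",
  "0xa22cb465": "setApprovalForAll(address,bool)",
};
const UINT256_MAX = (1n << 256n) - 1n;

function isHexAddress(a) {
  return typeof a === "string" && /^0x[0-9a-fA-F]{40}$/.test(a);
}
function hexToBigInt(h) {
  return h === undefined || h === null ? 0n : BigInt(h);
}
// i-th 32-byte ABI word after the 4-byte selector, as a 0x-prefixed hex string.
function abiWord(data, i) {
  const start = 10 + i * 64;
  const w = data.slice(start, start + 64);
  if (w.length !== 64) throw new Error("calldata too short for argument " + i);
  return "0x" + w;
}
const wordToAddress = (w) => "0x" + w.slice(26);   // low 20 bytes of the word

// ctx: { chainId, balanceWei (bigint), knownContracts: Set of lower-case addresses }
function analyzeTransaction(tx, ctx) {
  const findings = [];
  let level = "low";
  const raise = (to, msg) => { findings.push(msg); if (to === "high" || level === "low") level = to; };

  if (!isHexAddress(tx.to)) { raise("high", "recipient is not a 20-byte hex address"); return { level, findings }; }
  if (tx.chainId !== undefined && String(tx.chainId).toLowerCase() !== ctx.chainId.toLowerCase()) {
    raise("high", `transaction chainId ${tx.chainId} differs from connected chain ${ctx.chainId}`);
    return { level, findings };
  }
  // Balance must cover value plus the worst-case fee (EIP-1559 maxFeePerGas or legacy gasPrice).
  const value = hexToBigInt(tx.value);
  const maxFee = hexToBigInt(tx.gas) * hexToBigInt(tx.maxFeePerGas ?? tx.gasPrice);
  if (value + maxFee > ctx.balanceWei) raise("high", "balance does not cover value plus maximum fee");

  const data = (tx.data ?? "0x").toLowerCase();
  if (data.length > 2) {
    const selector = data.slice(0, 10);
    const fn = SELECTORS[selector];
    if (fn === "approve(address,uint256)") {
      const spender = wordToAddress(abiWord(data, 0));
      const amount = BigInt(abiWord(data, 1));
      if (amount === UINT256_MAX) raise("high", `unlimited ERC-20 approval to ${spender}`);
      else findings.push(`ERC-20 approval of ${amount} to ${spender}`);
    } else if (fn === "setApprovalForAll(address,bool)") {
      const operator = wordToAddress(abiWord(data, 0));
      if (BigInt(abiWord(data, 1)) === 1n) raise("high", `setApprovalForAll gives ${operator} control of every token in the collection`);
    } else if (fn === undefined) {
      raise("medium", `unknown function selector ${selector}`);
    }
    if (!ctx.knownContracts.has(tx.to.toLowerCase())) raise("medium", "target contract is not a known, verified contract");
  }
  return { level, findings };
}

// Constructed sample: an unlimited approve() to a spender on a known token contract.
const TOKEN = "0x1111111111111111111111111111111111111111";
const SPENDER = "0x2222222222222222222222222222222222222222";
const SAMPLE_UNLIMITED_APPROVE = {
  to: TOKEN,
  value: "0x0",
  gas: "0xc350",                 // 50,000
  maxFeePerGas: "0x3b9aca00",    // 1 gwei
  data: "0x095ea7b3" + "0".repeat(24) + SPENDER.slice(2) + "f".repeat(64),
};
const CTX = { chainId: "0x1", balanceWei: 10n ** 18n, knownContracts: new Set([TOKEN]) };
console.log(analyzeTransaction(SAMPLE_UNLIMITED_APPROVE, CTX)); // level "high", one finding
```

An unlimited approval is singled out because it is the step a drainer needs: once it is mined, the spender can move the whole balance without any further signature, and nothing the wallet does later can undo it short of a second approve(spender, 0).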
Signing Security
Message Signing
- Content Analysis: analyze message content (opaque hex that the user cannot read is higher risk)
- Purpose Verification: verify the signing purpose
- dApp Verification: verify the requesting dApp
- Risk Assessment: assess signing risk
Typed Data Signing
- Domain Verification: verify the EIP-712 domain (chainId matches the connected network, verifyingContract is the expected contract)
- Type Safety: verify that primaryType is defined and every declared field is present in the message
- Data Validation: validate the typed data, including unlimited values or deadlines in Permit-style messages
- Security Check: check for security issues
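The typed-data checks above can be run over an eth_signTypedData_v4 payload before it is shown for signing. The following is an added example and not SuperSafe's signing code: validateTypedData, the context object and the sample payload are constructed, while the Permit struct and the five EIP712Domain fields are the ERC-2612 and EIP-712 definitions.

```javascript
// Added example (not SuperSafe's own code): validation of an
// eth_signTypedData_v4 payload. validateTypedData, the context object and the
// sample Permit payload are constructed; the Permit struct is ERC-2612.

const EIP712_DOMAIN_FIELDS = {
  name: "string", version: "string", chainId: "uint256", verifyingContract: "address", salt: "bytes32",
};
const UINT256_MAX = (1n << 256n) - 1n;

// ctx: { chainId: hex string of the connected chain, expectedContracts: Set of lower-case addresses }
function validateTypedData(typedData, ctx) {
  const high = [], medium = [];
  const result = () => ({
    risk: high.length ? "high" : medium.length ? "medium" : "low",
    findings: [...high, ...medium],
  });
  const { types, primaryType, domain, message } = typedData ?? {};
  if (!types || !primaryType || !domain || !message) {
    high.push("payload lacks types, primaryType, domain or message");
    return result();
  }
  if (!Array.isArray(types[primaryType])) {
    high.push(`primaryType ${primaryType} is not defined in types`);
    return result();
  }

  // Domain verification: only the five standard EIP712Domain fields with their
  // standard types, and a chainId/verifyingContract that match the session.
  for (const f of types.EIP712Domain ?? []) {
    if (EIP712_DOMAIN_FIELDS[f.name] !== f.type) medium.push(`non-standard EIP712Domain field ${f.name}:${f.type}`);
  }
  if (domain.chainId !== undefined && BigInt(domain.chainId) !== BigInt(ctx.chainId)) {
    high.push(`domain.chainId ${domain.chainId} differs from connected chain ${ctx.chainId}`);
  }
  if (domain.verifyingContract !== undefined && !ctx.expectedContracts.has(String(domain.verifyingContract).toLowerCase())) {
    medium.push(`verifyingContract ${domain.verifyingContract} is not a known contract`);
  }

  // Type safety: every declared field must be present, and nested struct
  // types (including arrays of structs) are checked recursively.
  const check = (typeName, value, path) => {
    for (const field of types[typeName]) {
      const v = value == null ? undefined : value[field.name];
      if (v === undefined) { high.push(`message field ${path}${field.name} is missing`); continue; }
      const isArray = field.type.endsWith("[]");
      const base = isArray ? field.type.slice(0, -2) : field.type;
      if (Array.isArray(types[base])) {
        (isArray ? v : [v]).forEach((item, i) => check(base, item, `${path}${field.name}${isArray ? `[${i}]` : ""}.`));
      }
    }
  };
  check(primaryType, message, "");

  // Data validation: an ERC-2612 Permit with an unlimited value or no real
  // deadline is equivalent to an unlimited, permanent token approval.
  if (primaryType === "Permit" && message.value !== undefined) {
    if (BigInt(message.value) === UINT256_MAX) high.push(`Permit grants ${message.spender} an unlimited allowance`);
    if (message.deadline !== undefined && BigInt(message.deadline) === UINT256_MAX) high.push("Permit deadline is unlimited (never expires)");
  }
  return result();
}

// Constructed sample: a Permit for an unlimited, never-expiring allowance.
const TOKEN = "0x1111111111111111111111111111111111111111";
const SAMPLE_PERMIT = {
  types: {
    EIP712Domain: [
      { name: "name", type: "string" }, { name: "version", type: "string" },
      { name: "chainId", type: "uint256" }, { name: "verifyingContract", type: "address" },
    ],
    Permit: [
      { name: "owner", type: "address" }, { name: "spender", type: "address" },
      { name: "value", type: "uint256" }, { name: "nonce", type: "uint256" }, { name: "deadline", type: "uint256" },
    ],
  },
  primaryType: "Permit",
  domain: { name: "Example Token", version: "1", chainId: 1, verifyingContract: TOKEN },
  message: {
    owner: "0x3333333333333333333333333333333333333333",
    spender: "0x2222222222222222222222222222222222222222",
    value: UINT256_MAX.toString(),
    nonce: 0,
    deadline: UINT256_MAX.toString(),
  },
};
const CTX = { chainId: "0x1", expectedContracts: new Set([TOKEN]) };
console.log(validateTypedData(SAMPLE_PERMIT, CTX)); // risk "high", two findings
```

A Permit signature never touches the chain by itself, which is why it is attractive to phishing pages: the victim signs a message that looks harmless, and the attacker submits it later. Treating an unlimited value or deadline in a Permit exactly like an unlimited on-chain approval is the check that closes that gap.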
Security Best Practices
For Users
Before Connecting
- Verify URL: check the full URL, character by character, before connecting
- Check Security Status: look at the security indicator for the site
- Review Permissions: review the permissions the dApp is requesting
- Assess Risk: weigh the risk level shown against what the dApp needs to do
During Connection
- Read Carefully: read everything in the connection prompt
- Ask Questions: ask if unsure about anything
- Verify Details: double-check the origin, network and permissions
- Consider Risks: consider what a malicious site could do with what is being requested
After Connection
- Monitor Activity: monitor dApp activity
- Review Permissions: review the permissions that were granted
- Check Transactions: check the transaction history
- Report Issues: report security issues
For dApp Developers
Security Implementation
- HTTPS Only: serve the dApp over HTTPS; the wallet refuses http:// origins
- Valid Certificates: use a valid TLS (SSL) certificate for the exact host
- Clear Permissions: request only the JSON-RPC methods the dApp needs, when it needs them
- User Education: educate users about security
Best Practices
- EIP-1193 Compliance: use the EIP-1193 provider API (provider.request) and handle its standard error codes (4001 user rejected, 4100 unauthorized, 4200 unsupported method, 4900 and 4901 disconnected)
- Error Handling: handle rejected requests and chain mismatches gracefully instead of re-prompting in a loop
- User Experience: provide a clear user experience
- Security Awareness: maintain security awareness
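On the dApp side, EIP-1193 compliance and error handling come down to one connect routine. The following is an added example, not code from SuperSafe or from any dApp: connectWallet and classifyProviderError are hypothetical names, the error codes are the ones EIP-1193 defines, and the mock provider is constructed so the example runs without a browser.

```javascript
// Added example (not SuperSafe's own code): a dApp-side connect routine that
// uses the EIP-1193 provider.request API and maps the standard
// ProviderRpcError codes to outcomes. connectWallet, classifyProviderError
// and mockProvider are constructed for this example.

// Error codes defined by EIP-1193.
const RPC_ERROR = {
  USER_REJECTED: 4001,
  UNAUTHORIZED: 4100,
  UNSUPPORTED_METHOD: 4200,
  DISCONNECTED: 4900,
  CHAIN_DISCONNECTED: 4901,
};

// Map a rejected provider.request() into an outcome the UI can act on.
function classifyProviderError(err) {
  switch (err && err.code) {
    case RPC_ERROR.USER_REJECTED: return "rejected";        // user said no: do not re-prompt automatically
    case RPC_ERROR.UNAUTHORIZED: return "unauthorized";     // permission not granted for this method
    case RPC_ERROR.UNSUPPORTED_METHOD: return "unsupported";
    case RPC_ERROR.DISCONNECTED:
    case RPC_ERROR.CHAIN_DISCONNECTED: return "disconnected";
    default: return "error";
  }
}

// Request only account access (least privilege), then confirm the chain
// before doing anything else; never fall back to a retry loop on 4001.
async function connectWallet(provider, requiredChainId) {
  if (!provider || typeof provider.request !== "function") return { status: "no-provider" };
  try {
    const accounts = await provider.request({ method: "eth_requestAccounts" });
    const chainId = await provider.request({ method: "eth_chainId" });
    if (String(chainId).toLowerCase() !== requiredChainId.toLowerCase()) {
      return { status: "wrong-chain", chainId };
    }
    return { status: "connected", account: accounts[0], chainId };
  } catch (err) {
    return { status: classifyProviderError(err), message: String(err && err.message) };
  }
}

// Constructed mock of an EIP-1193 provider: `approve` simulates the user's decision.
function mockProvider({ approve, chainId = "0x1", accounts = ["0x3333333333333333333333333333333333333333"] }) {
  const rpcError = (code, message) => Object.assign(new Error(message), { code });
  return {
    async request({ method }) {
      if (method === "eth_requestAccounts") {
        if (!approve) throw rpcError(RPC_ERROR.USER_REJECTED, "User rejected the request.");
        return accounts;
      }
      if (method === "eth_chainId") return chainId;
      throw rpcError(RPC_ERROR.UNSUPPORTED_METHOD, `Unsupported method ${method}`);
    },
  };
}

connectWallet(mockProvider({ approve: true }), "0x1").then((r) => console.log(r.status));   // connected
connectWallet(mockProvider({ approve: false }), "0x1").then((r) => console.log(r.status));  // rejected
```

In a browser the provider is window.ethereum (or one discovered via EIP-6963); the routine above is the same, only the first argument changes. Asking for eth_requestAccounts alone, and for signing methods only at the moment they are needed, is what lets a wallet's per-dApp permission policy stay narrow.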
Troubleshooting
Common Issues
Connection Blocked
- Check AllowList: verify that the dApp's origin is in the AllowList
- Check URL: verify that the dApp URL is correct, including the scheme and subdomain
- Check Certificate: verify that the site's TLS (SSL) certificate is valid
- Contact Support: contact support if needed
Permission Denied
- Check Permissions: verify which permissions the dApp requested
- Check dApp: verify what the dApp actually requires
- Update Permissions: update the permission settings for that dApp
- Reconnect: try reconnecting
Security Warnings
- Read Warning: read the security warning carefully
- Verify dApp: verify the dApp's authenticity through a channel other than the page itself
- Check URL: check the URL for typos and lookalike characters
- Report Issues: report suspicious activity
Security Issues
Phishing Attempts
- Don't Connect: don't connect to suspicious dApps
- Report Phishing: report phishing attempts
- Verify URLs: always verify URLs
- Stay Alert: stay alert for phishing
Malicious dApps
- Disconnect Immediately: disconnect from the malicious dApp in the wallet
- Revoke Permissions: revoke the dApp's wallet permissions and any on-chain token approvals it obtained; disconnecting in the wallet does not undo an ERC-20 approve or setApprovalForAll that has already been mined
- Change Passwords: change the vault password; if a seed phrase or private key may have been exposed, move funds to a fresh wallet, since a password change does not help against a compromised key
- Report Incident: report the security incident
Security Monitoring
Real-time Monitoring
Security Events
- Failed Connections: monitor failed connections
- Suspicious Activity: detect suspicious activity
- Permission Changes: monitor permission changes
- Security Violations: detect security violations
Threat Detection
- Phishing Detection: detect phishing attempts
- Malicious dApps: detect malicious dApps
- Unauthorized Access: detect unauthorized access
- Data Exfiltration: detect data exfiltration
Security Alerts
Alert Types
- High Priority: critical security alerts
- Medium Priority: important security alerts
- Low Priority: informational alerts
- Custom Alerts: user-defined alerts
Alert Channels
- In-App Notifications: in-app notifications
- Email Alerts: email security alerts
- SMS Alerts: SMS security alerts
- Push Notifications: push notifications
Next Steps
Now that you understand dApp security:
- Security Configurations - Configure security settings
- Vulnerability Reporting - Report security issues
- Connecting to dApps - Learn the connection process
- Advanced Topics - Advanced security topics
Ready to configure security? Continue to Security Configurations!