뒤로

플레어 트랜잭션 검증기 앱은 이제 iOS와 Android에서 사용할 수 있습니다.

The Transaction Verifier uses QR codes to confirm the validity of any transaction carried out on the Flare Portal.

When signing transactions on a website like https://portal.flare.network/, there are three main attack vectors to be aware of:

  1. A spoofed website with a very similar URL.
  2. The dapp you are signing the transaction with has been hacked.
  3. The libraries submitting the transaction to your wallet are hacked.

For the first, there is no substitute for diligence. Only access the Flare Portal from the main Flare website, and very carefully verify there are no strange characters in the url. For the other two risks, there is the Flare Transaction Verifier.

If the dapp you are interacting with has been hacked, it might send an incorrect or malicious transaction to your wallet to sign. If the libraries have been hacked, the dapp will send you the correct transaction, but it will be changed by the library handling the connection before it reaches your wallet. In both cases, the transaction displayed in your wallet won’t match the one shown in the Flare Transaction Verifier app, so it will be clear that you should not proceed. It is also important to check that the displayed details correctly describe the transaction you are expecting.

Instructions for use

  1. Download and install “Flare Transaction Verifier” on your mobile device. There are iOS and Android versions.
  2. When you submit a transaction on the Flare Portal (https://portal.flare.network) to your wallet, the Portal will display a window with a QR code.
  3. Open the “Flare Transaction Verifier” app and scan the QR code.
  4. It will show the details of the transaction you sent to your wallet. Ensure these details describe the transaction you are expecting and match the data shown in your wallet. If it does not match, do not proceed with the transaction and alert the team immediately.
  5. In some cases (e.g. staking with Metamask), the wallet will only show a message you are about to sign (which represents a hash of your transaction data). You can click on the “Verify with OCR” button to check if the messages are identical. This will prove that the message you are about to sign is exactly the hash of the data shown in the Flare Transaction Verifier app.