Problem
The preload script (electron/preload/index.ts) exposes approximately 298 IPC methods to the renderer process via contextBridge.exposeInMainWorld(). This includes highly sensitive operations:
- wallet.exportPrivateKey() — exports private keys
- wallet.sendSol(), wallet.sendToken() — financial transactions
- vault.store(), vault.retrieve() — credential storage
- email.send() — email dispatch
- deploy.connectVercel() — OAuth token storage
Impact
Any XSS vulnerability in the renderer would grant an attacker full access to all exposed methods. While context isolation and sandbox are properly enabled, the large API surface increases the value of any XSS exploit.
Suggested Approach
- Audit which methods truly need direct renderer access
- Gate sensitive operations (key export, transactions, credential storage) behind re-authentication or confirmation dialogs at the IPC handler level
- Consider splitting the preload into privilege tiers (read-only vs. mutating operations)
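
One way to gate at the IPC handler level, as an added sketch that is not code from this repository: a main-process wrapper that denies unclassified channels and requires confirmation for the sensitive tier. The channel strings, the tier assignments, `wallet.getBalance` and the `confirm`/`audit` hooks are assumptions.

```typescript
type Tier = "read" | "mutate" | "sensitive";

// Tier assignments are assumptions; channel names mirror the methods listed above.
const TIERS: Record<string, Tier> = {
  "wallet.getBalance": "read", // hypothetical read-only method
  "email.send": "mutate",
  "deploy.connectVercel": "mutate",
  "vault.store": "sensitive",
  "vault.retrieve": "sensitive",
  "wallet.sendSol": "sensitive",
  "wallet.sendToken": "sensitive",
  "wallet.exportPrivateKey": "sensitive",
};

// Own-property lookup so names like "constructor" do not resolve to a tier.
function tierOf(channel: string): Tier | undefined {
  return Object.prototype.hasOwnProperty.call(TIERS, channel) ? TIERS[channel] : undefined;
}

interface GateDeps {
  // Runs in the main process (native dialog or re-authentication prompt), so
  // script injected into the renderer cannot answer it for the user.
  confirm: (channel: string) => Promise<boolean>;
  audit: (line: string) => void;
}

type Handler = (...args: unknown[]) => unknown;

// Returns a listener for ipcMain.handle(channel, listener); its first
// argument is the IPC event, the rest are the renderer-supplied arguments.
function gate(channel: string, handler: Handler, deps: GateDeps) {
  return async (_event: unknown, ...args: unknown[]): Promise<unknown> => {
    const tier = tierOf(channel);
    if (tier === undefined) {
      deps.audit(`deny ${channel} (unclassified)`);
      throw new Error(`${channel}: unclassified channel`);
    }
    if (tier === "sensitive" && !(await deps.confirm(channel))) {
      deps.audit(`deny ${channel} (not confirmed)`);
      throw new Error(`${channel}: confirmation required`);
    }
    deps.audit(`allow ${channel} (${tier})`);
    return handler(...args);
  };
}
```

Because the check lives in the handler, it still applies when the preload exposes the method and a renderer-side script calls it directly.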