Is it possible for a malicious dApp creator to collect a signed txn and then send it to another dApp?

Suppose a malicious attacker created dApp “Bad”, there is a legit dApp “Good”, and there is a user Alice.

The steps are like this:

1. The attacker connects to dApp “Good” and establishes a wallet-connect session using Alice’s address (this is doable since in the wallet-connect session request step you can respond with any address; no signature is required in this step). Now the attacker (disguised as Alice) has an active wallet-connect session with dApp “Good”. Then suppose dApp “Good” asks for a transaction from Alice’s address to dApp “Good”'s address and waits for a response.

2. The attacker asks the real user Alice to connect to his dApp “Bad” (the attacker could phish users by, say, claiming it is a reward program, and Alice may bite). Since the attacker is the creator of dApp “Bad”, the attacker now has an active wallet-connect session with the real user Alice. Then, from his dApp “Bad”, the attacker starts a transaction whose sender address is Alice and whose receiver is dApp “Good”'s address, and asks Alice to sign it. Alice signs it and sends it back to the attacker.

3. Now the attacker can respond with the signed txn data via the wallet-connect session established in step 1. Once dApp “Good” receives the signed transaction, it treats it as if Alice signed the txn to use dApp “Good” and runs its other logic, although during the whole process Alice never touched dApp “Good”.

It is like the attacker uses a malicious dApp to play a man-in-the-middle attack. Is the above process possible? And if it is, is there a way to prevent it?

Thank you

1 Like

Your scenario indeed is possible.

A webapp can request any transaction to be signed by a user.
There is nothing at the wallet level that will check whether a given webapp is supposed to make a given transaction.
Therefore, users must be very careful when approving transactions and must read them carefully, especially (but not only) when they involve transferring funds.

Wallets obeying the ARC-0001 draft standard must show warnings for particularly dangerous transactions such as close transactions: ARCs/arc-0001.md at main · algorandfoundation/ARCs · GitHub
But there is really nothing a wallet can do to prevent a bad website from requesting a signature for a good dApp.

2 Likes
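As an added illustration of the point in the reply above (not code from the thread, ARC-0001 or any wallet), the following Python models the only defence a wallet actually has: it cannot know which dApp a transaction is "for", so all it can do is show the user which connected session the request arrived over, summarize each transaction, and flag the ARC-0001 style dangerous fields (close-to, rekey-to, asset close-to) before asking for approval. The transactions are plain dicts using Algorand's canonical field names; the session metadata, addresses and sample request are constructed here and are not real.

```python
"""Pre-signing request inspector (added example, not part of the forum thread).

Transactions are plain dicts using Algorand's canonical transaction field
names ("type", "snd", "rcv", "amt", "close", "rekey", "aclose").  All
addresses and the session metadata below are constructed placeholders.
"""

MICROALGOS_PER_ALGO = 1_000_000

# Fields a wallet following ARC-0001 warns about (paraphrased here, not the
# standard's own wording).
DANGEROUS_FIELDS = {
    "close": "CLOSE: sweeps the sender's entire remaining Algo balance to",
    "rekey": "REKEY: hands signing authority over the sender account to",
    "aclose": "ASSET CLOSE: sends the sender's entire asset balance to",
}


def inspect_txn(txn, wallet_addr):
    """Return (summary, warnings) for one transaction from the signer's view."""
    warnings = []
    snd = txn.get("snd")
    if snd != wallet_addr:
        warnings.append(f"sender {snd} is not this wallet's address {wallet_addr}")
    for field, text in DANGEROUS_FIELDS.items():
        if txn.get(field):
            warnings.append(f"{text} {txn[field]}")
    ttype = txn.get("type")
    if ttype == "pay":
        algos = txn.get("amt", 0) / MICROALGOS_PER_ALGO
        summary = f"pay {algos:.6f} ALGO from {snd} to {txn.get('rcv')}"
    else:
        summary = f"{ttype or 'unknown'} transaction from {snd}"
    return summary, warnings


def review_request(peer, txns, wallet_addr):
    """Build the approval-screen lines for a sign request from a connected dApp.

    `peer` is the session metadata (name, url) the request came over.  That is
    the only origin a wallet can attribute the request to: it has no way to
    tell whether the receiver address belongs to this peer or to some other
    dApp, which is exactly why the requesting dApp is shown prominently and
    the user must read the rest.
    """
    lines = [
        f"Signature request from: {peer['name']} ({peer['url']})",
        f"{len(txns)} transaction(s) in this request",
    ]
    any_warning = False
    for i, txn in enumerate(txns, 1):
        summary, warnings = inspect_txn(txn, wallet_addr)
        lines.append(f"[{i}] {summary}")
        for w in warnings:
            any_warning = True
            lines.append(f"    WARNING: {w}")
    return lines, any_warning


# Constructed sample: a request arriving over the session with dApp "Bad"
# that asks Alice to pay dApp "Good"'s address, as in the scenario above,
# plus a second transaction in the same request that sets close-to.
ALICE = "ALICE_ADDRESS_PLACEHOLDER"
GOOD_DAPP = "GOOD_DAPP_ADDRESS_PLACEHOLDER"
BAD_PEER = {"name": "Bad Rewards", "url": "https://bad.example"}

SAMPLE_REQUEST = [
    {"type": "pay", "snd": ALICE, "rcv": GOOD_DAPP, "amt": 2_500_000},
    {"type": "pay", "snd": ALICE, "rcv": GOOD_DAPP, "amt": 0,
     "close": "UNKNOWN_ADDRESS_PLACEHOLDER"},
]

if __name__ == "__main__":
    screen, flagged = review_request(BAD_PEER, SAMPLE_REQUEST, ALICE)
    print("\n".join(screen))
    print("\nRequires explicit warning acknowledgement:", flagged)
```

Note what the inspector does and does not catch: the first transaction in the sample is a perfectly ordinary payment and produces no warning, even though it was requested by "Bad" on behalf of "Good". Only the session name on the first line tells Alice that the request did not come from the dApp she thinks she is using, which is the reply's point that the user, not the wallet, has to make that judgement.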

Thank you @fabrice for the reply. Yep, I think this attack is more of a “social engineering” attack rather than a technical one, just like some phishing websites; while the app can do its best to warn users, users need to be careful too.