Commit

added threat model section
cameronvoell committed Dec 20, 2024
1 parent 42b3685 commit e6ae14e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions XIPs/xip-48-content-type-local-db-integration.md
Expand Up @@ -317,6 +317,10 @@ No new security considerations are introduced with this XIP. The security consid

\* In the case of content types managed by the [XMTP GitHub organization](https://github.com/xmtp) the authority would be contributors/admins of the relevant GitHub repos.

### Threat model

As usual, users and developers should aspire to be using the latest XMTP SDK versions whenever possible, but you can never be sure whether inboxes you are chatting with on XMTP are using older or modified versions of the SDK. This means that users could configure their messages to specify that they are sending a certain content type, but the format, contents, or intentions of the actual data in the message could be something different. Fortunately, we haven't identified any security issues that would arise from this possibility, but it is something developers utilizing "complex decoding or presentation logic" as mentioned in the quote above, should be aware of. If any more specific threats or example of misuse arise, this section will be updated.

## Copyright

Copyright and related rights waived via [CC0](https://creativecommons.org/publicdomain/zero/1.0/).
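
Review bot: The new "Threat model" paragraph names the risk (a sender on an older or modified SDK can declare one content type while "the format, contents, or intentions of the actual data" differ) but stops at "should be aware of" without telling implementers what to do about it. Suggest adding a sentence that the declared content type is untrusted input: a client should validate the decoded payload against the declared type's expected format before presenting it, and fall back to a safe default when validation fails. Two smaller points in the same paragraph: "the quote above" depends on text outside this section and will dangle if that quote is moved or edited, so name its source explicitly; and "example of misuse" should read "examples of misuse". The paragraph also sits directly under the context line "No new security considerations are introduced with this XIP", so it would help to say how the two statements fit together, since a reader may otherwise take them as contradictory.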
