Description

Since October of last year (2021) when Facebook changed the name of the parent company to Meta, we have heard the word Meta and Metavers a lot. For the first time, this talk wants to review all the vulnerabilities that threaten users and infrastructure owners at different layers.In general, Metavers is a full-scale digital life experience. This talk will cover all possible attack vectors that threaten Metaverse infrastructure as well as users. I will start with vulnerabilities in common layers like specific flaws in libraries, basic classes and so on. Then I’ll go one step forward to the component layer which I think is very interesting; because we will deep dive into the P2P network, database, and transaction verification module. “Model Layer” will be the next stop in the session to demonstrate potential vulnerabilities on Ledger
and Account which are two main modules in this layer. In addition in “Service Layer”, HTTP/query/subscription services will be under attack which is the most part of Metaverse architecture as they are connecting blockchain core node servers to human-machine interface using APIs, Json RPC and WebSocket. The final section will be dedicated to endpoint clients like browser based attacks and sophisticated attacks on mobile clients.