# Common Risks in DApp Development

DApp security risks come from various sources. Below are some common threats that developers and auditors need to address to ensure a safe experience for users.

* **Phishing Attacks**:
  * Attackers may create fake versions of a DApp’s front end to trick users into entering their private keys or personal information.
  * This can lead to unauthorized access to user accounts and theft of funds. Phishing is particularly dangerous in decentralized systems, where users are responsible for their own security.
* **Front-End Vulnerabilities**:
  * The front end of a DApp is often hosted off-chain, such as on a website. This can make it vulnerable to traditional web-based attacks, like cross-site scripting (XSS) or cross-site request forgery (CSRF).
  * These vulnerabilities can allow attackers to manipulate the user interface, intercept data, or even redirect users to malicious sites.
* **Unprotected APIs**:
  * DApps frequently interact with external APIs to pull data or communicate with blockchain networks. If these APIs are not properly secured, attackers can exploit them to intercept or alter data.
  * An unprotected API can allow unauthorized access to the DApp’s functionalities or expose sensitive information about the application and its users.

[<br>](https://ishmanwtf.gitbook.io/oxaudit.app/dapp-auditing/introduction-to-dapp-security)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://doc.auditx.net/auditx-ecosystem/services/dapp-auditing/common-risks-in-dapp-development.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.