WebViews in mobile web3 wallets can quietly inherit the permissions granted to the wallet app itself. We found 20+ major wallets where a malicious dApp could access core permissions without authorization.
Bruno Halltari, Caue Obici, Nikolaos Mourousias

Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.
Bruno Halltari, Caue Obici