#web3

2 posts tagged with web3.

The goldmine of insecure WebView integrations

WebViews in mobile web3 wallets can quietly inherit the permissions granted to the wallet app itself. We found 20+ major wallets where a malicious dApp could access core permissions without authorization.
Bruno Halltari, Caue Obici, Nikolaos Mourousias

Subverting Web2 authentication in Web3

Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.
Bruno Halltari, Caue Obici