Brave Researchers Detail Structural Risks in zkLogin Zero-Knowledge Authorization on Sui

In a newly published paper and blog post, Brave security researcher Sofía Celi and colleagues analyze zkLogin, the zero-knowledge authorization scheme used in the Sui blockchain ecosystem, and warn that its security, privacy, and trust properties rest on assumptions the protocol itself does not enforce. They describe three classes of weakness: lenient parsing of the OpenID JWT that anchors a login, weak binding between the authentication step and the authorization it produces, and dependence on centralized identity providers and proving services. The team attributes these issues to architectural design choices rather than implementation bugs, and recommends stricter token validation, stronger binding of issuer and user identity to the authorization, and explicit user consent before tokens are forwarded to external services.
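The recommendations above come down to treating the login JWT as hostile input and binding it exactly to the request it authorizes. The following is an added example written for this page, not code from the Brave paper or from the zkLogin project: a strict validator that rejects non-canonical base64url, duplicate claim members, unexpected algorithms and critical headers, then requires exact issuer, audience, nonce and subject matches and integer-typed timestamps. It signs demo tokens with HS256 and a constructed shared key purely so it runs offline; real OpenID providers sign with RS256 keys published via JWKS, and the allowlist and verification step would use those instead. The issuer, audience, nonce and subject values are constructed sample data.

```python
import base64
import hashlib
import hmac
import json
import time


class TokenRejected(Exception):
    """Any deviation from the expected token shape or binding is a hard failure."""


def _b64url_decode(segment):
    # Canonical base64url only: no padding, no standard alphabet, no stray characters.
    if any(c in segment for c in "=+/"):
        raise TokenRejected("non-canonical base64url segment")
    std = segment.replace("-", "+").replace("_", "/") + "=" * (-len(segment) % 4)
    try:
        return base64.b64decode(std, validate=True)
    except ValueError as exc:
        raise TokenRejected("undecodable segment") from exc


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _reject_duplicates(pairs):
    # A lenient parser silently keeps the last duplicate; we refuse the token instead.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise TokenRejected("duplicate member %r" % key)
        obj[key] = value
    return obj


def _strict_object(raw):
    try:
        obj = json.loads(raw.decode("utf-8"), object_pairs_hook=_reject_duplicates)
    except (UnicodeDecodeError, ValueError) as exc:
        raise TokenRejected("malformed JSON segment") from exc
    if not isinstance(obj, dict):
        raise TokenRejected("segment is not a JSON object")
    return obj


def _int_claim(claims, name):
    value = claims.get(name)
    if isinstance(value, bool) or not isinstance(value, int):
        raise TokenRejected("claim %r must be an integer" % name)
    return value


ALLOWED_ALGS = {"HS256"}  # demo only (assumption); pin the issuer's asymmetric alg in practice
CLOCK_SKEW = 60           # seconds of tolerated clock drift for iat


def validate_login_token(token, key, expected_iss, expected_aud, expected_nonce, now=None):
    """Return the exact (iss, sub, aud, nonce) binding, or raise TokenRejected."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("expected exactly three segments")
    header_b64, payload_b64, sig_b64 = parts
    header_raw = _b64url_decode(header_b64)
    payload_raw = _b64url_decode(payload_b64)
    signature = _b64url_decode(sig_b64)

    header = _strict_object(header_raw)
    alg = header.get("alg")
    if not isinstance(alg, str) or alg not in ALLOWED_ALGS or "crit" in header:
        raise TokenRejected("unsupported header")
    signing_input = (header_b64 + "." + payload_b64).encode("ascii")
    expected_sig = hmac.new(key, signing_input, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        raise TokenRejected("bad signature")

    claims = _strict_object(payload_raw)
    if claims.get("iss") != expected_iss:            # exact match, no normalization
        raise TokenRejected("issuer mismatch")
    aud = claims.get("aud")
    if isinstance(aud, list) and len(aud) == 1:       # single-element list is the only list form accepted
        aud = aud[0]
    if aud != expected_aud:
        raise TokenRejected("audience mismatch")
    if claims.get("nonce") != expected_nonce:         # binds the token to this authorization request
        raise TokenRejected("nonce mismatch")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise TokenRejected("missing subject")
    exp, iat = _int_claim(claims, "exp"), _int_claim(claims, "iat")
    if exp <= now:
        raise TokenRejected("token expired")
    if iat > now + CLOCK_SKEW:
        raise TokenRejected("token issued in the future")
    return {"iss": expected_iss, "sub": sub, "aud": expected_aud, "nonce": expected_nonce}


def make_token(key, payload_json, header_json=b'{"alg":"HS256","typ":"JWT"}'):
    """Demo signer for constructed test tokens only: HS256 over header.payload."""
    h, p = _b64url_encode(header_json), _b64url_encode(payload_json)
    sig = hmac.new(key, (h + "." + p).encode("ascii"), hashlib.sha256).digest()
    return h + "." + p + "." + _b64url_encode(sig)


DEMO_KEY = b"demo-shared-secret"  # constructed, not a real key
EXPECTED = dict(expected_iss="https://accounts.example.com",
                expected_aud="wallet-client-id",
                expected_nonce="n0nce-bound-to-ephemeral-key")


def demo(now=1_700_000_000):
    """Run four constructed tokens through the validator and report the outcome of each."""
    good = (b'{"iss":"https://accounts.example.com","sub":"user-123","aud":"wallet-client-id",'
            b'"nonce":"n0nce-bound-to-ephemeral-key","iat":1699999900,"exp":1700003600}')
    # Same claims plus a second "iss" member: a last-wins parser would see the attacker's issuer.
    dup_iss = good[:-1] + b',"iss":"https://attacker.example"}'
    cases = {
        "good": make_token(DEMO_KEY, good),
        "duplicate_iss": make_token(DEMO_KEY, dup_iss),
        "alg_none": make_token(DEMO_KEY, good, b'{"alg":"none"}'),
        "wrong_nonce": make_token(DEMO_KEY, good.replace(b"n0nce-bound", b"other")),
    }
    results = {}
    for name, token in cases.items():
        try:
            results[name] = validate_login_token(token, DEMO_KEY, now=now, **EXPECTED)["sub"]
        except TokenRejected as exc:
            results[name] = "rejected: " + str(exc)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

The order of checks is deliberate: the token is fully decoded and its signature verified before any claim is read, and every claim comparison is an exact equality against values the relying party already holds (the issuer it configured, its own client ID, the nonce it generated for this request). A validator that searches for a substring, accepts any audience in a list, or takes the last of two duplicate claims is what makes the downstream authorization depend on provider behaviour rather than on the protocol.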