⚠ STAGE E BLOCKER — REPRO NEEDED
MM Mobile installed on Kay's phone
WalletConnect v2 testnet dApp (Sepolia)
Trigger signTypedData → screenshot wrong origin in prompt
File on HackerOne kay_j_j → MetaMask programme
WLS jumps to 95%+ immediately after repro screenshot obtained
WLS Bonixer — Welical Layer Score
W1 — Vulnerability Class: 100%, Origin spoof — clear class
W2 — N6 Kill Chain: 100%, Q1–Q6 all pass
W3 — BOWER Stages: 83%, 5/6 · E pending repro
W4 — CLO Gate: 100%, CLO-SIGNED ✅ conditional
W5 — Repro Evidence: 0%, OPEN — phone needed
W6 — Submission Ready: 0%, Blocked on W5
OVERALL WLS — WELICAL LAYER SCORE: 64%
ONE BLOCKER: Stage E repro screenshot on Kay's phone
Finding Detail
IDMM-002
Platform: HackerOne · MetaMask
Severity: Sev2-normal (MEDIUM)
Tier: WALLET
Reward: $500 – $2,500
COI: CLEAN
Issue status: OPEN · 0 comments · unfiled
Researcher: kay_j_j · kayyo@pemos.ca
ETH address: 0x22377D69f421B57EC44b18Ef15e8d320d3349A20
Vulnerability
WalletConnect relay URL shown as origin in the signTypedData prompt instead of the actual dApp domain. The user cannot tell which site is asking for the signature, so the consent guarantee EIP-712 human-readable signing depends on is violated.
Attack Path
1. Attacker deploys malicious dApp at attacker.com
2. User visits, clicks "Connect Wallet" → WalletConnect QR
3. User scans QR with MM Mobile → WC v2 session via relay
4. Attacker triggers signTypedData request
5. MM Mobile shows: bridge.walletconnect.org instead of: attacker.com
6. User confused → thinks request is from relay (legitimate-looking) → signs
7. Valid EIP-712 signature obtained under false pretences → downstream abuse
Theorem Backing (EOSE IP)
SecurityProofs.lean
separation_of_duties_3_of_5
A 3-of-5 separation of duties requires all 5 principals to be correctly identified. If any principal identity is spoofed, the separation collapses. Applied: a signTypedData consent decision requires (1) the user, (2) the requesting dApp origin, (3) payload integrity. If (2) is wrong, the invariant is violated. Note that the EIP-712 domain separator identifies the verifying contract (name, version, chainId, verifyingContract), not the website, so the requesting origin can only come from the wallet's session layer; that is the field this finding shows being populated from the relay rather than from the dApp.
SecurityProofs.lean
rbac_matrix_5x10
RBAC bypass: if principal identity is incorrect at point of authorization, the access matrix is evaluated against the wrong principal. Origin spoof = RBAC bypass at the wallet layer.
Repro Steps (for H1 report)
Environment: MM Mobile (iOS/Android) · WalletConnect v2 · Sepolia testnet
1. Open app.uniswap.org in the browser with the network set to Sepolia
2. Connect Wallet → WalletConnect → scan QR with MM Mobile
3. Trigger any EIP-712 signTypedData on the dApp
4. Observe the signing prompt on MM Mobile:
✓ Expected: app.uniswap.org
✗ Actual: a relay host (bridge.walletconnect.org or similar) or any origin other than the dApp. Record the exact host shown: bridge.walletconnect.org is the WalletConnect v1 bridge host, while v2 sessions go through relay.walletconnect.com, so the host that appears also tells the triager which code path populated the field.
📸 WHAT TO SCREENSHOT
The MM Mobile signing prompt showing the origin field. Capture both the browser URL bar (showing the real dApp) and the MM prompt (showing the wrong origin) in the same recording.
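Added example for the attack path and repro steps above, not MetaMask or WalletConnect code. It constructs the objects a wallet holds after a WalletConnect v2 session is approved and an eth_signTypedData_v4 request arrives, then contrasts two policies for the "origin" line of the signing prompt: taking it from the relay transport (the behaviour this finding describes) and taking it from the dApp peer metadata together with its verification status. Field names follow the @walletconnect/sign-client session and request shape; the verifyContext field, the dApp, the signer and the typed data are all constructed for the example.

```javascript
// Added example, not MetaMask or WalletConnect code. Simulates a WalletConnect v2
// session plus a signTypedData request and shows why "origin" must come from the
// session peer, never from the relay URL. All values below are constructed.

const RELAY_URL = 'wss://relay.walletconnect.com'; // v2 relay host; v1 used bridge.walletconnect.org

// Constructed session for a dApp served from attacker.com. peer.metadata is
// self-declared by the dApp, so it is a claim, not a verified origin.
const SESSION = {
  topic: 'c0ffee',
  relay: { protocol: 'irn', url: RELAY_URL },
  peer: {
    publicKey: '0x' + 'ab'.repeat(32),
    metadata: {
      name: 'Sepolia Demo Swap',
      description: 'constructed dApp metadata',
      url: 'https://attacker.com',
      icons: [],
    },
  },
  // Hypothetical verification context (shape modelled on WalletConnect's Verify API):
  // validation says whether the relay could match the serving origin to the metadata.
  verifyContext: { verified: { origin: 'https://attacker.com', validation: 'UNKNOWN' } },
};

// Constructed eth_signTypedData_v4 request, as delivered in a session_request.
const SIGNER = '0x' + '11'.repeat(20);
const TYPED_DATA = {
  types: {
    EIP712Domain: [
      { name: 'name', type: 'string' }, { name: 'version', type: 'string' },
      { name: 'chainId', type: 'uint256' }, { name: 'verifyingContract', type: 'address' },
    ],
    Permit: [
      { name: 'owner', type: 'address' }, { name: 'spender', type: 'address' },
      { name: 'value', type: 'uint256' }, { name: 'nonce', type: 'uint256' },
      { name: 'deadline', type: 'uint256' },
    ],
  },
  primaryType: 'Permit',
  domain: { name: 'Demo Token', version: '1', chainId: 11155111, verifyingContract: '0x' + '22'.repeat(20) },
  message: { owner: SIGNER, spender: '0x' + '33'.repeat(20), value: '1000000', nonce: 0, deadline: 4102444800 },
};
const REQUEST = {
  topic: 'c0ffee',
  params: {
    chainId: 'eip155:11155111',
    request: { method: 'eth_signTypedData_v4', params: [SIGNER, JSON.stringify(TYPED_DATA)] },
  },
};

// Buggy policy: origin taken from the transport, so every WC dApp looks like the relay.
function originFromRelay(session) {
  return { host: new URL(session.relay.url).host, trust: 'relay host, not the requester' };
}

// Hardened policy: origin taken from the peer that is actually asking, labelled with
// how far the claim has been checked. UNKNOWN and INVALID must be surfaced, not hidden.
function originFromPeer(session) {
  const url = session.peer && session.peer.metadata && session.peer.metadata.url;
  if (!url) return { host: null, trust: 'requester unknown' };
  const validation = (session.verifyContext && session.verifyContext.verified &&
    session.verifyContext.verified.validation) || 'UNKNOWN';
  const trust = {
    VALID: 'verified',
    INVALID: 'MISMATCH: declared url differs from serving origin',
    UNKNOWN: 'unverified, self-declared by dApp',
  }[validation] || 'unverified';
  return { host: new URL(url).host, trust };
}

// Fields the wallet would render; originSource selects which policy fills "requester".
function buildSigningPrompt(session, req, originSource) {
  const [signer, typedJson] = req.params.request.params;
  const typed = JSON.parse(typedJson);
  const origin = originSource === 'relay' ? originFromRelay(session) : originFromPeer(session);
  return {
    requester: origin.host,
    requesterTrust: origin.trust,
    signer,
    chainId: req.params.chainId,
    primaryType: typed.primaryType,
    signingDomain: typed.domain, // EIP-712 domain = contract context, not the website
    message: typed.message,
  };
}

// Repro check: the prompt must name the peer that opened the session.
function promptNamesRequester(prompt, session) {
  return prompt.requester === new URL(session.peer.metadata.url).host;
}

const buggy = buildSigningPrompt(SESSION, REQUEST, 'relay');
const fixed = buildSigningPrompt(SESSION, REQUEST, 'peer');
console.log('relay-derived requester:', buggy.requester, '-> check', promptNamesRequester(buggy, SESSION));
console.log('peer-derived requester :', fixed.requester, `(${fixed.requesterTrust})`, '-> check', promptNamesRequester(fixed, SESSION));
```

Run with `node`: the relay-derived prompt names relay.walletconnect.com and fails the requester check, the peer-derived prompt names attacker.com and passes it while still flagging the origin as unverified. The second point is the caveat that goes with the fix: peer metadata is chosen by the dApp, so a wallet that switches from the relay URL to metadata.url must also show the verification state rather than presenting the self-declared host as trusted.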
N6 Kill Chain
✓ Q1 In-scope
Origin spoofing, UX security, mobile wallet
✓ Q2 User-visible impact
Wrong origin in signing prompt on mainnet MM Mobile
✓ Q3 Clear attack path
Attacker dApp → WC session → signTypedData → wrong origin shown
✓ Q4 Reproducible
MM Mobile + WC testnet dApp → repro in < 5 min
✓ Q5 Independent discovery
Issue open · 0 comments · COI clean · @serlf
✓ Q6 Welical gate
Not a known CVE · not WC upstream · MM display logic in scope
CLO Gate
hammurabi (Harvey)
APPROVE ✓ (conditional)
"No IP concerns. COI clean. Scope compliant. Standard responsible disclosure. File immediately upon repro. Do not delay."
clo-warden (RBG)
CLO-SIGNED ✅ (conditional)
"Clear failure of EIP-712's user consent guarantee. Relay infrastructure shown instead of dApp origin creates concrete phishing vector at wallet layer. In scope, independently discovered, properly disclosed. File on repro."
AND GATE: CONDITIONAL CLO-SIGNED ✅
Condition: Stage E repro screenshot on Kay's phone