Critical IDOR Discovery — Web3 Protocol
Identified a zero-click, unauthenticated IDOR vulnerability in a major L2 protocol's support infrastructure. Chained an unauthenticated wallet-to-userId lookup with an unprotected Server-Sent Events stream, enabling live surveillance of...