WuShuo Blockchain | February 14, 2026 08:01
According to WuShuo, the Brave research team has released a report pointing out that the security and privacy risks of zkLogin, a blockchain transaction authorization system, depend not only on the underlying zero-knowledge proof but also heavily on a series of protocol-level assumptions that are not explicitly constrained, such as JWT/JSON parsing, issuer trust policies, issuance context binding, and execution environment integrity.
The paper identifies three main vulnerabilities: lenient and non-standard claim extraction may accept malformed JWTs; converting short-term authentication credentials into long-term authorization credentials without enforcing issuer/audience/subject/time binding could lead to cross-application misuse (especially in browser scenarios). It emphasizes that these issues are not flaws in the cryptographic algorithms themselves. https://www.(wublock123.com)/index.php?m=content&c=index&a=show&catid=6&id=56753
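
The two issue classes named above (lenient claim extraction, and missing issuer/audience/subject/time binding) can be illustrated from the verifier's side. The following is an added example, not code from the Brave report or from zkLogin; the function names, the issuer `https://idp.example` and the audience `wallet-app` are assumptions, and signature verification is assumed to happen elsewhere.

```python
import base64, json, time

class ClaimError(ValueError):
    """Token rejected before any claim is trusted."""

def decode_segment(segment):
    # Canonical base64url only: re-encoding must reproduce the input (no padding or stray bytes).
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
    except ValueError as exc:
        raise ClaimError("bad base64url") from exc
    if base64.urlsafe_b64encode(raw).rstrip(b"=").decode() != segment:
        raise ClaimError("non-canonical base64url")
    def no_duplicates(pairs):
        # Two members with the same name let two parsers disagree on the value.
        if len({k for k, _ in pairs}) != len(pairs):
            raise ClaimError("duplicate member name")
        return dict(pairs)
    try:
        obj = json.loads(raw.decode("utf-8"), object_pairs_hook=no_duplicates)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ClaimError("not valid JSON") from exc
    if not isinstance(obj, dict):
        raise ClaimError("not a JSON object")
    return obj

def bound_claims(token, issuer, audience, subject, now=None):
    # Assumption: the signature has already been verified against the issuer's key.
    parts = token.split(".")
    if len(parts) != 3:
        raise ClaimError("expected header.payload.signature")
    decode_segment(parts[0])  # the header must be well-formed too
    claims = decode_segment(parts[1])
    now = time.time() if now is None else now
    exp = claims.get("exp")
    checks = {
        "iss": claims.get("iss") == issuer,
        "aud": claims.get("aud") in (audience, [audience]),
        "sub": claims.get("sub") == subject,
        "exp": type(exp) is int and now < exp,  # integer only, stricter than RFC 7519
    }
    failed = [name for name, ok in checks.items() if not ok]
    if failed:
        raise ClaimError("binding failed: " + ",".join(failed))
    return claims

def sample_token(payload_json):
    # Constructed input for the example; the signature segment is a dummy value.
    seg = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([seg(b'{"alg":"RS256"}'), seg(payload_json), seg(b"sig")])
```

A token that passes returns its claims; every other case raises `ClaimError` with the reason, so a caller never sees claims from a token that was malformed or issued for a different application, subject or time window.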