As the field of Web3 continues its rapid expansion, the security of Web3 authentication, often the gateway to various Web3 applications, becomes increasingly crucial. Despite its widespread use as a login method by numerous Web3 applications, the security risks of Web3 authentication have not received much attention. This paper investigates the vulnerabilities in the Web3 authentication process and proposes a new type of attack, dubbed blind message attacks. In blind message attacks, attackers trick users into blindly signing messages from target applications by exploiting users' inability to verify the source of messages, thereby achieving unauthorized access to the target application. We have developed Web3AuthChecker, a dynamic detection tool that interacts with Web3 authentication-related APIs to identify vulnerabilities. Our evaluation of real-world Web3 applications shows that a staggering 75.8% (22/29) of Web3 authentication deployments are at risk of blind message attacks. In response to this alarming situation, we implemented Web3AuthGuard on the open-source wallet MetaMask to alert users of potential attacks. Our evaluation results show that Web3AuthGuard can successfully raise alerts in 80% of the tested Web3 authentications. We have responsibly reported our findings to vulnerable websites and have been assigned two CVE IDs.

翻译：随着Web3领域的持续快速扩张，作为众多Web3应用入口的Web3认证机制安全性变得日益关键。尽管大量Web3应用普遍采用Web3认证作为登录方式，但其安全风险尚未得到充分关注。本文深入研究了Web3认证流程中的安全漏洞，并提出一种新型攻击方法——盲签名消息攻击。在该攻击中，攻击者利用用户无法验证消息来源的缺陷，诱使用户对目标应用的消息进行盲目签名，从而实现未经授权访问目标应用。我们开发了动态检测工具Web3AuthChecker，该工具通过与Web3认证相关API交互来识别安全漏洞。对实际Web3应用的评估表明，高达75.8%（22/29）的Web3认证部署存在遭受盲签名消息攻击的风险。针对这一严峻形势，我们在开源钱包MetaMask上实现了Web3AuthGuard防护机制，用于向用户预警潜在攻击。评估结果显示，Web3AuthGuard能在80%的测试案例中成功触发警报。我们已向存在漏洞的网站负责任地披露了研究结果，并获得两个CVE编号分配。