Authentication bypass via bruteforce
under review
MRIDUL VOHRA
Hi Team,
Hope you are doing great.
Note: When we sign up, the first thing that pops up is a prompt for the user to make a 4-digit PIN.
This should be the first layer, which should not be lying like this.
This is for the Android and iOS applications.
I found a vulnerability in your applications via which an attacker is able to bypass the PIN.
The attacker just needs to bruteforce the 4-digit PIN: as unlimited tries are accepted by the application, the attacker can simply bruteforce it and access the wallet.
Here is a similar HackerOne report for more clarity:
PoC:
Regards,
Mr!dul Vohra
MRIDUL VOHRA
Hello Josh Etheridge,
I just want to ask, is there any bug bounty program going on?
Josh Etheridge
under review