Portis uses an iframe to display the confirmation buttons. This allows a malicious application (one trusted enough to have made the user sign in with Portis) to do the following:

1. Detect a high-value token balance in the user's wallet.
2. Cover the Portis iframe with a click-through element.
3. Submit a transaction that transfers the tokens out. The Portis iframe comes up but is not visible to the user, who does not know that clicking on the cover actually clicks through to the Portis confirm button.

The transaction is then broadcast and the user loses their tokens.
To solve this, the confirm button in the Portis iframe should become a "see details" button that opens a popup window. That popup is where the user confirms the transaction.
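The following is an added example of the proposed fix, written for this report and not taken from Portis: the iframe only carries a "see details" button, the actual approve/reject decision is made in a separate top-level window opened with window.open, and the decision comes back over postMessage with an origin check and a one-shot request id. A popup is its own top-level browsing context, so the embedding page cannot draw anything over it, which is what defeats the click-through overlay described above. All names here (WALLET_ORIGIN, createRequest, isValidConfirmation, applyConfirmation, sendDecisionFromPopup, installBrowserWiring, and the signAndBroadcast hook) are assumptions for the example.

```javascript
// Added example (not Portis code). Wallet-side logic for moving the transaction
// confirmation out of the embedded iframe into a top-level popup window.

// Assumed origin of the wallet's own pages; both the iframe and the popup live here.
const WALLET_ORIGIN = "https://wallet.example";

// Pending confirmations keyed by a one-shot request id that the popup echoes back.
const pending = new Map();

// Register a transaction awaiting a decision and return its request id.
function createRequest(tx) {
  const id = `${Date.now()}-${Math.random().toString(36).slice(2)}`;
  pending.set(id, { tx, decided: false });
  return id;
}

// Validate a message that claims to carry the popup's decision. Anything not from
// the wallet's own origin, not shaped as a decision, or referring to an unknown or
// already-decided request is rejected.
function isValidConfirmation(message, expectedOrigin = WALLET_ORIGIN) {
  if (!message || message.origin !== expectedOrigin) return false;
  const data = message.data;
  if (!data || data.type !== "tx-decision") return false;
  const entry = pending.get(data.requestId);
  if (!entry || entry.decided) return false;
  return data.approved === true || data.approved === false;
}

// Consume a decision exactly once. Returns { tx, approved } or null when rejected.
function applyConfirmation(message, expectedOrigin = WALLET_ORIGIN) {
  if (!isValidConfirmation(message, expectedOrigin)) return null;
  const entry = pending.get(message.data.requestId);
  entry.decided = true; // replayed or duplicated messages are ignored from now on
  return { tx: entry.tx, approved: message.data.approved === true };
}

// Popup side: after the user approves or rejects in the top-level window, report
// back to the opener. targetOrigin pins delivery to the wallet iframe's origin.
function sendDecisionFromPopup(openerWindow, requestId, approved, targetOrigin = WALLET_ORIGIN) {
  const msg = { type: "tx-decision", requestId, approved: approved === true };
  openerWindow.postMessage(msg, targetOrigin);
  return msg;
}

// Iframe side, browser-only wiring. `button` is the "see details" element,
// `getCurrentTx` returns the transaction awaiting confirmation, and
// `signAndBroadcast` is the host wallet's hook (assumed, not shown here).
function installBrowserWiring(button, getCurrentTx, signAndBroadcast) {
  button.addEventListener("click", () => {
    const id = createRequest(getCurrentTx());
    // Must be called synchronously from the user gesture or popup blockers will refuse it.
    const popup = window.open(
      `${WALLET_ORIGIN}/confirm?request=${encodeURIComponent(id)}`,
      "_blank",
      "popup,width=420,height=600"
    );
    if (!popup) {
      // Popup blocked: do not fall back to confirming inside the iframe.
      pending.delete(id);
    }
  });

  window.addEventListener("message", (event) => {
    const decision = applyConfirmation(event);
    if (decision && decision.approved) signAndBroadcast(decision.tx);
  });
}
```

Because the iframe never shows an approve control, a covered iframe has nothing for a click to fall through to; the worst an overlay can achieve is opening the popup. On the popup page, `window.opener.postMessage` is the opener argument, and the wallet should also verify that the request id in the popup URL is one it issued.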