It's pretty upfront about being a novelty project done by a self-described non-crypto expert, and I don't see any assertions of it guaranteeing any degree of sufficiency/security or claiming any such NextBigThing(TM) hype.

Just because a paper is published doesn't mean it wasn't done for fun/the hell of it.

Yeah this is bang on. I messaged my old supervisor from uni about turning CubeAuthn into a paper and she suggested I submit the paper to that conf.