A critical price oracle manipulation vulnerability was discovered in Enzyme Finance's Idle token pricing mechanism, where flashloans from IdleTokenGovernance.sol could manipulate the totalSupply value used in the price computation (totalNav/totalSupply), allowing attackers to exploit share buying. The bug was introduced in Idle v5 when flashloan logic was added, and the researcher received a $90,000 bounty for reporting it with a working proof-of-concept.
A logic error in Thena's RewardsDistributor and VotingEscrow contracts prevents users from claiming rewards on expired veNFT positions, as the deposit_for() function incorrectly requires the lock to still be active (end > block.timestamp) even when claiming rewards after expiry. This freezes rewards for veNFT holders whose locks have naturally expired.
A critical vulnerability in Mt Pelerin's bridge-protocol-v2 allowed attackers to drain contract funds by calling cancelOnHoldTransactions() with duplicate transaction arrays: because a status check was missing, the same transaction would be processed multiple times. The bug was responsibly disclosed and patched with a status verification check; no funds were lost.
A critical smart contract vulnerability in Notional V2 allowed double-counting of free collateral in bitmap portfolio processing, enabling attackers to drain protocol liquidity by borrowing against overstated collateral. The bug was triggered via sequential calls to enableBitmapForAccount() and depositUnderlyingToken() that caused free collateral calculations to run twice on the same asset.
A round-down vulnerability in Astroport's Staking.rs contract allows attackers to deflate the xASTRO token and break staking functionality by exploiting the absence of minimum liquidity requirements, potentially enabling governance token monopolization and voting manipulation.
Enzyme Finance had a critical missing privilege check vulnerability in its GasRelayPaymasterLib contract where the paymaster failed to validate the trusted forwarder's address, allowing attackers to bypass signature verification and drain the Vault by crafting malicious relayCall transactions. Whitehat rootrescue discovered and responsibly disclosed the bug, earning a $400,000 bounty.
A cross-chain messaging protocol's signature verification can be bypassed when a new domain is added: if enrollValidator is called before setThreshold, the commitment is saved with threshold=0, allowing attackers to frontrun setThreshold and process unsigned messages with a malicious commitment hash matching the stored zero-threshold commitment.
A whitehat researcher discovered two bugs in Multichain's staking contracts (forked from Solidly) that passed two security audits: a critical checkpoint calculation bug that corrupts voting power and reward distribution when no checkpoints occur within a week, and a medium-severity supply tracking bug in the NFT merge function that fails to decrease token supply. Both bugs were reported and remediated.
A critical logic error in Beanstalk's Token Facet transferTokenFrom() function allowed attackers to steal ERC20 tokens from approved accounts by bypassing allowance checks for external transfers. The vulnerability risked $3.1M in assets but was responsibly disclosed and patched before exploitation.
Iron Bank's CCollateralCapERC20 token fails to enforce the collateral cap invariant during account initialization, allowing totalCollateralTokens to exceed collateralCap limits and creating liquidation insolvency risks. The initializeAccountCollateralTokens() function bypasses the cap check that is properly enforced elsewhere, enabling uninitialized users to receive collateral without cap validation.
A critical NFT bridge vulnerability in L1/L2 ERC721Bridge contracts allows attackers to steal deposited NFTs by exploiting inadequate token validation—an attacker can create a worthless L2 token, call withdrawTo() to burn it, and trigger finalizeERC721Withdrawal() on L1 without proper L1-L2 token correspondence checks, enabling theft of any NFT in the bridge contract.
A delegatecall vulnerability in oasisDEX's BuyCommand and SellCommand contracts allows attackers to execute arbitrary code by directly calling the external execute() function with the continuous flag set, bypassing the intended AutomationBot access control and potentially gaining unauthorized access to user CDP funds or causing system freeze via selfdestruct().
ANKR and Stader's liquid staking protocols on BSC are vulnerable to MEV-based sandwich attacks on reward distribution. An attacker can stake immediately before the updateRatio() function increases the pool ratio with new rewards, then unstake to capture a disproportionate share of rewards without having their capital actually used in staking.
A critical logic error in Belt Finance's strategy contract allowed attackers to manipulate the balanceSnapshot variable by sending tokens directly to the contract, causing the protocol to mint excessive strategy shares and enabling drainage of ~$60M in BNB. The bug involved incorrect double-counting of withdrawals when funds could be satisfied from the contract's direct balance without liquidating yield-generating assets.
A critical logic error in Yield Protocol's strategy contract allowed attackers to drain pool tokens by inflating the balance calculation through direct token transfers. Whitehat Paludo0x responsibly disclosed the vulnerability, which put $950k at risk, and received a $95,000 USDC bounty after it was patched by modifying the burn function to use cached pool values instead of live balance checks.
A logic error in Tidal Finance's staking contract on Polygon allowed attackers to claim unearned rewards by exploiting improper state management in the payout process, where user.rewardDebt remained zero after a finalized payout. The vulnerability was patched by moving a critical rewardDebt update line earlier in the execution flow.
A high-risk vulnerability in Ondo Finance's TrancheToken implementation contract allowed an attacker to permanently destroy the implementation contract via selfdestruct, causing all dependent proxy contracts to no-op and potentially enabling drainage of $50m from UniswapStrategy contracts if a token minting flag was enabled (which it wasn't, preventing actual theft).
Brahma.Fi's L2 position handler miscalculates the value of positions in negative states due to sign confusion in the positionInWantToken() function, where negative account values (indicating underwater accounts rather than short positions) are treated as positive, leading to incorrect share issuance, excess withdrawals, and potential protocol insolvency.
Educational writeup on array input validation vulnerabilities in Substrate smart contracts, demonstrating how missing percentage validation in a voting function allows attackers to exceed 100% voting weight across multiple pools or repeat pool IDs to multiply voting power and drain rewards.
A critical ERC-20 token implementation bug in Redacted Cartel's wxBTRFLY contract allowed attackers to reassign user allowances to themselves via a faulty transferFrom function, risking $6 million in funds. The vulnerability was fixed by replacing the custom implementation with OpenZeppelin's battle-tested ERC-20, and the researcher received a $560,000 bounty.
Compound's liquidation mechanism fails to validate whether seized assets are actually held as collateral by the borrower, allowing liquidators to seize any user cTokens regardless of whether they were entered into markets. This can result in unauthorized asset seizure even for assets the user explicitly exited from.
An unprotected init() function in 88mph's CRV:RENWBTC, CRV:STETH, and yaLink pools lacked onlyOwner and initializer modifiers, allowing anyone to call it multiple times and take ownership of NFT contracts to mint/burn user deposits. The vulnerability was worth approximately $6.5M in potential theft and was responsibly disclosed and patched via whitehack.
A critical logic error in Mushrooms Finance's StrategyCmpdWbtcV1 contract allowed unauthorized callers to execute a flashloan function intended only for internal vault callbacks, enabling a three-step flash loan attack to extract 19 wBTC (~$635k) by exploiting insufficient access controls and parameter validation.
A critical authorization bypass vulnerability in BitSwift's dApp frontend allowed unauthenticated users to mint unlimited BCAD tokens via an unprotected /bcad/credit endpoint that lacked proper admin permission checks, enabling attackers to drain liquidity pools. The researcher earned a $4,515 bounty after responsibly disclosing the issue.
A vulnerability in Cronos/Ethermint allowed attackers to construct MsgEthereumTx messages without ExtensionOptionsEthereumTx, bypassing the EthGasConsumeDecorator handler and enabling theft of transaction fees from the current block through false gas refunds. The bug was fixed in v0.6.5 by adding validation to ensure MsgEthereumTx is properly wrapped.
A logic error in Synthetix's fee reclamation feature allowed attackers to receive inflated amounts when exchanging synths because the _exchange function used the wrong variable (sourceAmount instead of sourceAmountAfterSettlement) when calculating rebates. The finding resulted in a $150,000 payout to the whitehat researcher.
A critical infinite spend vulnerability in Aurora's Rainbow Bridge allowed attackers to withdraw unlimited ETH by exploiting DELEGATECALL context confusion, potentially exposing 70k ETH and $200m in assets. The bug was responsibly disclosed for a $6 million bounty payout.
A rate-limiting bypass vulnerability allowed attackers to brute-force Instagram account passwords through Facebook's mobile endpoint by distributing attempts across multiple test accounts created via Facebook apps, enabling up to 6 million password attempts daily instead of the intended 20 per account.
TinyCards Android app loaded initial web content over HTTP instead of HTTPS, allowing MITM attackers to inject malicious JavaScript into the WebView and achieve code execution. The vulnerability was fixed in v1.0 (version code 10) by switching to SSL for initial content loading.
A Flask/Jinja2 template injection vulnerability was discovered in an email generation utility that evaluated user input in email subject fields. The attacker exploited Python object introspection through Jinja2 syntax to access the file class and read sensitive files including configuration files with API keys and encryption keys from a GCE instance.