account-validation

1 article
sort: new top best
clear filter
bug-bounty473 google371 microsoft318 facebook271 xss267 rce184 apple178 malware177 exploit165 cve122 account-takeover110 bragging-post102 phishing85 csrf85 privilege-escalation83 browser71 supply-chain69 stored-xss65 authentication-bypass64 dos64 react58 reflected-xss57 cloudflare52 reverse-engineering50 access-control48 node48 input-validation48 aws48 cross-site-scripting48 writeup47 docker46 ssrf45 smart-contract45 ethereum44 web-security43 sql-injection43 defi43 web343 oauth41 web-application41 lfi38 info-disclosure37 pentest37 race-condition37 idor35 burp-suite35 auth-bypass35 vulnerability-disclosure34 cloud34 html-injection33
0 7/10
Raydium
vulnerability

Raydium's increase_liquidity function failed to validate whether remaining_accounts[0] was the correct TickArrayBitmapExtension account, allowing attackers to manipulate tick states and drain liquidity pools by bypassing intended price boundary checks. The whitehat discovered this critical flaw on January 10, 2024, and received a $505,000 bounty.

smart-contract-vulnerability solana amm liquidity-pool tick-manipulation access-control account-validation clmm raydium bugfix-review
Raydium Immunefi @riproprip Solana Uniswap V3 increase_liquidity.rs TickArrayBitmapExtension
medium.com · riproprip · 20 hours ago · details