8/10
vulnerability
A critical vulnerability in Tranchess's ShareStaking contract allowed attackers to drain user funds by exploiting a skipped _checkpoint() call during rebalance events, which caused total supply desynchronization. The attack enables direct theft of up to 815 BTC and 1438 ETH, depending on the attacker's fund size, with exploitation possible by frontrunning the rebalance settlement.
smart-contract
solidity
vulnerability-disclosure
reentrancy-adjacent
state-synchronization
checkpoint-mechanism
yield-farming
bsc
gas-optimization
accounting-bug
fund-drainage
frontrunning
Tranchess
ShareStaking
FundV3
Immunefi
Queen
Bishop
Rook
BSC