bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
vulnerability
Brahma.Fi's L2 position handler contains a sign confusion bug in positionInWantToken() that miscalculates position value when the account is underwater, treating negative account values as positive funds. This leads to incorrect share calculations during deposits/withdrawals, fee overcharges, and potential protocol insolvency through user exploitation.
sign-confusion
position-value-miscalculation
accounting-error
protocol-insolvency
l2-security
perpetual-protocol
leverage-trading
fund-loss
withdrawal-exploit
fee-manipulation
underwater-position
clearing-house
solidity
Brahma.Fi
PerpV2Controller
PerpTradeExecutor
Perpetual Protocol
Optimism
0x1b6BF7Ab4163f9a7C1D4eCB36299525048083B5e
0
vulnerability
Iron Bank's seizeInternal() function fails to credit liquidators with the correct collateral amount when seizing tokens, undercounting their collateral and potentially triggering unintended liquidations. The bug stems from only increasing collateral by collateralTokens instead of the full seizeTokens amount, with the difference (buffer) not being accounted for.
smart-contract
bug
collateral-calculation
liquidation
ethereum
defi
access-control
accounting-error
ctoken
lending-protocol
Iron Bank
CCollateralCapERC20.sol
0x7e8844ea4c211a69ad9308ba0b6cdb3ea0bb2b05