7/10
vulnerability
Beanstalk's convertFacet function failed to validate the Well address parameter, allowing attackers to supply a malicious contract that could return arbitrary BEAN amounts and set conversion costs to zero, enabling theft of protocol funds without proper token withdrawal. The fix added validation to ensure the Well address is whitelisted and that the fromAmount is always non-zero.
insufficient-input-validation
smart-contract
solidity
ethereum
defi
stablecoin
access-control
arbitrary-contract-call
deposit-withdrawal
bugfix-review
Beanstalk
Immunefi
BEAN
convertFacet
Silo
Well
8/10
vulnerability
BendDAO's Sewer Pass Flash Claim contract contained an input validation vulnerability where the `airdropTokenAddresses` parameter was not validated against a whitelist, allowing NFT owners to deploy malicious token contracts that could withdraw staked ApeCoin during the flash loan execution without proper unstaking.
smart-contract-vulnerability
flash-loan
input-validation
arbitrary-contract-call
nft
defi
ethereum
erc721
benddao
ape-staking
whitelisting-bypass
BendDAO
Sewer Pass
BAYC
MAYC
ApeCoin
Ape Staking
UserFlashclaimRegistryV3
AirdropFlashLoanReceiverV3
CVE-ID-16841