5/10
vulnerability
An arbitrary method call vulnerability in xDai's Arbitrary Message Bridge (AMB) contracts allowed attackers to execute unauthorized token transfers on behalf of the bridge contracts, exploiting the fact that AMB contracts could inadvertently receive user funds despite not being intended to hold them. The vulnerability was patched by introducing monitoring on Transfer events to identify and protect locked tokens.
arbitrary-method-call
smart-contract
bridge-vulnerability
ethereum-sidechain
token-theft
access-control
blockchain
bug-bounty
xdai
xDai
Immunefi
0xadee028d
Arbitrary Message Bridge (AMB)
OmniBridge
renBTC
Ethereum Mainnet