0
8/10
vulnerability
A critical vulnerability in Arbitrum's DelayedInbox bridge contract allowed attackers to reinitialize the contract and set a malicious bridge address due to an uninitialized storage slot combined with a gas optimization that removed a redundancy check, enabling theft of all deposited ETH.
smart-contract-vulnerability
arbitrum
bridge-security
solidity
uninitialized-variable
storage-slot-manipulation
gas-optimization-bug
cross-chain-vulnerability
ethereum
l2-security
access-control
proxy-pattern
Arbitrum Nitro
DelayedInbox.sol
TransparentUpgradeableProxy
Optimism
0xriptide
Immunefi
0
7/10
bug-bounty
A critical logic error in Yield Protocol's strategy contract allowed attackers to drain pool tokens by inflating the balance calculation through direct token transfers. Whitehat Paludo0x responsibly disclosed the vulnerability, which put $950k at risk, and received a $95,000 USDC bounty after it was patched by modifying the burn function to use cached pool values instead of live balance checks.
logic-error
defi
smart-contract
bug-bounty
token-balance-manipulation
pool-draining
yield-farming
arbitrum
ethereum
erc-20
responsible-disclosure
Yield Protocol
Immunefi
Paludo0x
YieldSpace Pool
fyToken
Foundry