A high-severity DoS vulnerability in Sui's Narwhal consensus layer allowed attackers to crash validator nodes via Out-of-Memory (OOM) attacks by sending a single malicious request with 1.2M certificate digests (37MB payload), bypassing the absence of response limits and timeout handling in the get_certificates() function. The vulnerability was patched by removing the vulnerable GetCertificates and GetPayloadAvailability handlers, with the researcher earning a $50,000 SUI bounty.
Acala's Homa staking protocol contained an unbounded loop in the process_redeem_requests function that could be exploited by an attacker with 12,000+ DOT to create 22,000 redemption requests, causing the validator's on_initialize function to exceed block finalization time limits and halt the entire parachain's block production.
This appears to be a landing page or navigation hub for Fraxlend, a DeFi lending protocol, featuring content from Obsidian Audits. The page lacks substantive technical content about specific vulnerabilities or findings.
Security researcher Merkle Bonsai documents a hybrid NFT vulnerability in Ocean Protocol where on-chain Data Description Objects (DDOs) can be modified to enable attacks, exploiting the protocol's reliance on modifiable on-chain data structures. The article discusses how these hybrid attacks work and references previous analysis of Ocean Protocol's design vulnerabilities.
A collection of blockchain security research and bug reports covering vulnerabilities in Oasys L2 blockchain, Eco's lockup contracts, and hybrid NFT attacks on Ocean Protocol. Multiple issues were identified and reported through Immunefi's bug bounty program.
A collection of security research articles covering vulnerabilities in blockchain projects including Oasys (a gaming-focused Ethereum L2), Eco's lockup contracts, and Ocean Protocol's hybrid NFT implementation where on-chain data modifications can be exploited. Multiple bugs are documented with disclosure timelines and remediation details.
Security research analyzing a hybrid NFT vulnerability in Ocean Protocol where on-chain Data Description Objects (DDOs) stored on blockchain can be modified to enable attacks. The article discusses design flaws and issues discovered in Ocean Protocol's implementation, with bug bounty disclosures via Immunefi.
Story Network's postmortem analysis reveals two critical vulnerabilities discovered during mainnet launch. The first issue allowed attackers to create arbitrarily large EVM transaction payloads (>4MB) that would cause validator crashes and network shutdown through JSON marshalling inefficiencies and inadequate block size validation inherited from Octane codebase.