7/10
bug-bounty
A critical vulnerability in Mt Pelerin's bridge-protocol-v2 allowed attackers to drain contract funds by calling cancelOnHoldTransactions() with duplicate transaction arrays: because a status check was missing, the same transaction would be processed multiple times. The bug was responsibly disclosed and patched with a status verification check; no funds were lost.
smart-contract
bug-bounty
vulnerability
ethereum
web3
bridge-protocol
reentrancy
logic-error
fund-drainage
kyc-aml
compliance
Mt Pelerin
Immunefi
bridge-protocol-v2
ComplianceRegistry.sol
cancelOnHoldTransfers
8/10
vulnerability
O3 DeFi bridge aggregators are vulnerable to token theft through callproxy parameter impersonation in the exactInputSinglePToken function, allowing attackers to redirect victim-approved funds to attacker-controlled addresses. The vulnerability affects all O3 aggregators across supported chains but is mitigated if users set MAX approval rather than finite amounts.
smart-contract-vulnerability
access-control
token-approval
defi
bridge-protocol
uniswap
ethereum
cross-chain
impersonation
fund-theft
aggregator
bug-bounty
dispute
O3
O3EthereumUniswapV3Aggregator
Uniswap V3
Immunefi
0xDjango
CVE (not provided)
0x561f712b4659be27efa68043541876a137da532b
0xC11073e2F3EC407a44b1Cff9D5962e6763F71187