Security researcher discovered two critical bugs in Cronos Gravity Bridge: (1) an incorrect ERC-20 deploy event check causing nonce mismatch that halts cross-chain transfers from Ethereum to Cronos, and (2) a malicious token that can disable the entire bridge. The vulnerabilities stem from inadequate validation in the MsgSubmitEthereumEvent handler and token supply checks.
Two high-severity Denial of Service vulnerabilities discovered in Stargate, LayerZero's liquidity layer: Bug #1 exploits a Solidity quirk where try/catch statements revert when calling non-contract addresses, allowing attackers to permanently freeze message channels by targeting non-existent contracts with swap payloads; Bug #2 abuses SSTORE gas costs to create payloads exceeding the 175k gas budget allocated for cross-chain message delivery, causing out-of-gas reverts that block the entire bridge channel.