bridge-vulnerability

3 articles
0 8/10

Two critical bugs were found in the Cronos Gravity Bridge, allowing attackers to halt cross-chain transfers from Ethereum to Cronos and to disable the bridge entirely. The vulnerabilities stem from incorrect validation of ERC-20 deployment events, which causes nonce mismatches between chains, and from a malicious token supply that causes bridge deactivation.

Cronos Gravity Bridge Immunefi Sommelier Zellic Gravity.sol CosmosERC20 x/gravity
faith2dxy.xyz · Faith · 17 hours ago
0 7/10
incident-report

Scroll executed an emergency upgrade on April 25, 2025 to patch two critical vulnerabilities: a soundness bug in OpenVM 1.0.0's auipc opcode circuit (off-by-one in enumeration causing insufficient range checking) and a message spoofing vulnerability in the bridge's EnforcedTxGateway contract that could allow arbitrary token minting on L2.

Scroll OpenVM Axiom Immunefi WhiteHatMage Trail of Bits L1ScrollMessenger EnforcedTxGateway L2ScrollMessenger
forum.scroll.io · WhiteHatMage · 17 hours ago
0 5/10
vulnerability-collection

Collection of three smart contract vulnerability writeups covering critical access control issues: Betverse ICO's public transferTokenToLockedAddresses() function enabling token theft, Ocean Protocol's unprotected ownerWithdraw() function allowing unauthorized fund transfer, and Oasys L1 bridge contract vulnerability enabling NFT theft.

Shanmuga Bharathi Betverse Ocean Protocol Oasys Immunefi BToken
mirror.xyz · Shanmuga Bharathi. N · 17 hours ago