bug-bounty

625 articles
0 2/10

A security researcher documents a CORS misconfiguration vulnerability that leads to exposure of sensitive data, demonstrating a common web application security flaw.

Montaser Mohsen
medium.com · montaser mohsen · 1 hour ago · details
0 9/10

A multi-stage vulnerability in GitHub's private pages authentication flow combining CRLF injection, null byte parsing bypass, and cookie prefix case-sensitivity to achieve XSS and cache poisoning on private organization pages. The attack exploited case-insensitive cookie handling to bypass __Host- prefix protections and nonce fixation to achieve unauthenticated arbitrary code execution.

GitHub HackerOne ginkoid $35,000 bounty github.io pages-auth.github.com
robertchen.cc · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0 6/10

A security researcher discovered a rate-limiting vulnerability in Microsoft's password reset flow that could be exploited via concurrent requests to brute-force 7-digit security codes, bypassing encryption and rate limits to enable account takeover even on accounts with 2FA enabled. Microsoft patched the vulnerability and awarded a $50,000 bounty.

Laxman Muthiyah Microsoft MSRC HackerOne Instagram
thezerohack.com · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
marxchryz.medium.com · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0
vulnerability
medium.com · kh4sh3i/bug-bounty-writeups · 3 hours ago · details
0 6/10
Sui
vulnerability

A high-severity DoS vulnerability in Sui's Narwhal consensus layer allowed attackers to crash validator nodes via Out-of-Memory (OOM) attacks by sending a single malicious request containing 1.2M certificate digests (a 37MB payload), exploiting the absence of response limits and timeout handling in the get_certificates() function. The vulnerability was patched by removing the vulnerable GetCertificates and GetPayloadAvailability handlers, with the researcher earning a $50,000 SUI bounty.

Sui Immunefi @F4lt Narwhal Bullshark Move MystenLabs
immunefi.com · unknown · 3 hours ago · details
0
bug-bounty
blog.asymmetric.re · Felix Wilhelm · 3 hours ago · details
0
bug-bounty
x.com · Ehsan · 3 hours ago · details
0
bug-bounty
research.lido.fi · riptide · 3 hours ago · details
0
bug-bounty
x.com · samuraii77 · 3 hours ago · details
0 8/10
vulnerability

A high-risk vulnerability in Ondo Finance's TrancheToken smart contract allowed attackers to destroy the uninitialized implementation contract via selfdestruct, causing all proxy contracts to no-op and potentially draining $50m from UniswapStrategy contracts if a minting flag were enabled. The bug was patched immediately after disclosure with no user funds at risk.

Ondo Finance Ashiq Amien iosiro TrancheToken AllPairVault UniswapStrategy Immunefi
iosiro.com · Ashiq Amien · 3 hours ago · details
0
bug-bounty
medium.com · Niv Yehezkel · 3 hours ago · details
0
bug-bounty
medium.com · unknown · 3 hours ago · details
0
bug-bounty
medium.com · unknown · 3 hours ago · details
0
bug-bounty
medium.com · GothicShanon89238 · 3 hours ago · details
0
bug-bounty
medium.com · Lucash-dev · 3 hours ago · details
0
bug-bounty
medium.com · unknown · 3 hours ago · details
0
bug-bounty
medium.com · Ashiq Amien · 3 hours ago · details
0
bug-bounty
medium.com · Ashiq Amien · 3 hours ago · details
0
bug-bounty
medium.com · deliriusz.eth · 3 hours ago · details
0 8/10
vulnerability

A critical vulnerability in Axelar Network allowed attackers to force validators to miss votes by crafting transactions with excessive logs that exceed Tendermint's 1MB RPC request limit, leading to automatic Chain Maintainer deregistration and potential halt of cross-chain operations. The vulnerability has been patched via governance proposal 256 disabling the auto-deregistration mechanism.

Axelar Network Marco Hextor Immunefi AxelarGateway Tendermint Cosmos SDK governance-proposal-256
marcotnunes.com · Marco Nunes · 3 hours ago · details
0
bug-bounty
medium.com · LonelySloth · 3 hours ago · details
0
bug-bounty
medium.com · riproprip · 3 hours ago · details
0 2/10
bug-bounty

Portfolio page showcasing multiple critical smart contract vulnerabilities disclosed across DeFi/NFT protocols, including access control flaws, uninitialized UUPS proxies enabling arbitrary delegatecalls, and broken token transfer functions. Author details bounty payouts and rescued funds across 88mph, Polygon, KeeperDAO, and other projects, with limited technical depth on each vulnerability.

pxMythics 88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken Alchemix Ondo Finance Code 4rena Immunefi iosiro Damn Vulnerable DeFi Decently Safe DeFi yAcademy Curve Finance BSides Cape Town Dedaub Ashiq Amien
ashiq.co.za · Ashiq Amien · 3 hours ago · details
0 3/10
bragging-post

Security researcher's portfolio showcasing multiple critical vulnerability disclosures in DeFi and NFT smart contracts, primarily focused on proxy vulnerabilities (UUPS), uninitialized logic contracts, and access control issues that collectively protected over $50M in TVL. While demonstrating significant impact, the article lacks technical depth and primarily lists findings with references to external postmortems rather than detailed exploitation methodology.

OpenZeppelin 88mph Polygon KeeperDAO Rivermen NFT iosiro Immunefi Alchemix Ondo Finance pxMythics abwagmi AxonsToken Code4rena yAcademy Curve Finance Ashiq Amien Dedaub
ashiq.co.za · Ashiq Amien · 3 hours ago · details
0 2/10
bragging-post

Portfolio page showcasing multiple critical smart contract vulnerabilities disclosed across DeFi protocols, including UUPS proxy initialization flaws, access control bypasses, and token theft vectors. While listing numerous bug bounty successes (>$6.5m rescued), it provides minimal technical depth and primarily serves as credentials summary.

88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken pxMythics Alchemix Ondo Finance Code4rena Immunefi iosiro Hack South YesWeHack BSides Cape Town Damn Vulnerable DeFi yAcademy TrustX Curve Finance
ashiq.co.za · Ashiq Amien · 3 hours ago · details
0 2/10
bragging-post

A portfolio page showcasing multiple critical smart contract vulnerability disclosures across DeFi protocols (88mph, Polygon, KeeperDAO, Alchemix, Ondo Finance) and bug bounty wins totaling over $6.5M in rescued funds, with brief technical descriptions of UUPS proxy exploits, access control flaws, and token theft vulnerabilities.

88mph Polygon KeeperDAO Rivermen NFT OpenZeppelin abwagmi AxonsToken pxMythics Alchemix Ondo Finance Code4rena yAcademy Immunefi iosiro BSides Cape Town Underhanded Solidity Contest Curve Finance
ashiq.co.za · Ashiq Amien · 3 hours ago · details
0 8/10
vulnerability

Acala's Homa staking protocol contained an unbounded loop in the process_redeem_requests function that could be exploited by an attacker with 12,000+ DOT to create 22,000 redemption requests, causing the validator's on_initialize function to exceed block finalization time limits and halt the entire parachain's block production.

Acala Polkadot Homa Immunefi @Lastc0de Acala Foundation
immunefi.com · Lastc0de · 3 hours ago · details
0 5/10
vulnerability

A critical rounding convention bug in Vesu's Singleton liquidation contract allowed attackers to steal user funds through malicious pool extension contracts, flashloans, and improper handling of the receive_as_shares flag. The vulnerability was reported through the Immunefi bug bounty program and remediated within 5 days by removing the affected liquidation logic and whitelisting pool extensions.

Vesu Immunefi ChainSecurity Argent Labs Re7 Labs Braavos Alterscope
docs.vesu.xyz · Alex · 3 hours ago · details
0 1/10
bragging-post

A portfolio/services page by security auditor Kiki showcasing 50+ smart contract audits and 15+ bug bounties across DeFi protocols, with client testimonials and links to published audit reports, primarily for lending/staking/perpetual trading protocols.

Kiki Enigma Dark Bail Security Guardian Audits Stable Jack Gloop Hyperdrive Camelot Silo Finance Arrakis Finance Ambit Finance GMX Synthetix Orderly Umami EigenLayer
github.com · Kiki · 3 hours ago · details