7/10
vulnerability
A critical returndata bomb vulnerability in RAI's LiquidationEngine allows malicious savior contracts to crash liquidations by reverting with massive return data, causing out-of-gas errors and creating unliquidatable positions that lead to protocol bad debt. The vulnerability was acknowledged as technically valid but dismissed as out-of-scope due to savior whitelisting, with Immunefi reversing its initial Medium severity recommendation to None without new technical justification.
returndata-bomb
smart-contract-vulnerability
liquidation-engine
denial-of-service
gas-exhaustion
evm
defi
immunefi
bug-bounty-dispute
governance-bypass
bad-debt
protocol-insolvency
savior-contracts
RAI
Reflexer Finance
Immunefi
CVE-2023-XXXXX