vulnerability
Brahma-Fi's withdrawal mechanism uses Curve's calc_token_amount() function with an incorrect boolean parameter (true instead of false), causing LP token amount calculations to underestimate required withdrawals and leading to batch withdrawal failures. The bug affects both unstaking amounts and LP redemption amounts, resulting in insufficient USDC being withdrawn from the Curve pool.
smart-contract
curve-finance
api-misuse
calculation-error
withdraw-failure
defi
bug
convex
usdc
lp-tokens
frax
Brahma-Fi
Curve
Convex
USDC
Frax
ConvexTradeExecutor