bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
vulnerability
A denial-of-service vulnerability in LayerZero's ONFT (ERC721) implementation allows attackers to freeze cross-chain token transfers by passing a malicious receiver contract that exhausts gas in the onERC721Received() callback, causing the message to block indefinitely at the Endpoint level. The issue stems from NonBlockingLzApp's insufficient gas reservation (1/64 of gasLimit) to handle failed message storage when all allocated gas is consumed.
layerzero
cross-chain-bridge
denial-of-service
gas-limit-abuse
onft
oft
erc721
callback-exploitation
non-blocking-app
smart-contract-vulnerability
message-blocking
fund-freezing
gas-computation
safe-mint
LayerZero
Stargate
Immunefi
OpenZeppelin
ULNv1
NonBlockingLzApp
ONFT
OFT
ERC721
ERC20