0
9/10
vulnerability
A security researcher discovered two critical bugs in Sei Network's layer-1 blockchain: (1) an ABCI panic in the EVM EndBlocker, triggered by vesting accounts with locked funds, causing chain halts, and (2) a balance-handling vulnerability allowing arbitrary fund transfers via negative number handling in the SubBalance/AddBalance functions. Both bugs were caught pre-mainnet and rewarded at $75,000 and $2,000,000 respectively.
cosmos-sdk
blockchain
layer-1
evm-integration
panic-handling
state-management
fund-transfer
chain-halting
vesting-accounts
balance-handling
abci-methods
tendermint
Sei Network
Sei Foundation
Cosmos SDK
Geth
Trail of Bits
Immunefi
CVE-2024 (implied, not explicitly stated)