9/10
vulnerability
A critical type-confusion vulnerability in Heimdall, the validator software for Polygon PoS, allowed event validation to be bypassed because Ethereum log events were decoded without being verified. The flaw was in the UnpackLog function, which unpacked a log's data according to whatever event the caller expected without first checking that the log's event type signature (the hash carried in its first topic) actually matched that event. A rogue validator could therefore present a log of one event type to the handler for another and have it decoded as a fraudulent stake update, potentially compromising the $2B+ PoS bridge.
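The pattern described above, as an added Go example that is not Heimdall's or Polygon's code: a minimal log decoder that slices the data of whatever event the caller names (the flawed form) next to one that first requires the log's Topics[0] to equal the expected event's signature hash (the hardened form). The event names, field layouts, log contents and the hypothetical OtherEvent are all constructed for illustration and are not the real StakingInfo ABI; SHA-256 stands in for keccak256 only so the example runs with the Go standard library.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Event is a minimal stand-in for a parsed ABI event: its name, the 32-byte
// signature hash that appears as Topics[0] when it is emitted, and the names
// of the non-indexed uint256 words carried in log.Data. The field layouts
// below are illustrative, not the real StakingInfo ABI.
type Event struct {
	Name   string
	ID     [32]byte
	Fields []string
}

// Log is the subset of an Ethereum receipt log that matters here.
type Log struct {
	Topics [][32]byte
	Data   []byte
}

// eventID stands in for keccak256(signature). Go's standard library has no
// Keccak-256, so SHA-256 is used only so this example runs offline; on chain
// the value is keccak256 of the canonical signature string.
func eventID(signature string) [32]byte { return sha256.Sum256([]byte(signature)) }

var (
	StakeUpdate = Event{"StakeUpdate", eventID("StakeUpdate(uint256,uint256,uint256)"), []string{"validatorId", "nonce", "newAmount"}}
	// OtherEvent is a hypothetical second event whose data is also three uint256 words.
	OtherEvent       = Event{"OtherEvent", eventID("OtherEvent(uint256,uint256,uint256)"), []string{"a", "b", "c"}}
	ErrEventMismatch = errors.New("log Topics[0] does not match expected event signature")
	forgedAmount     = new(big.Int).Exp(big.NewInt(10), big.NewInt(27), nil) // constructed 1e27 stake value
)

// word ABI-encodes a uint256 as a big-endian 32-byte word.
func word(v *big.Int) []byte { b := make([]byte, 32); v.FillBytes(b); return b }

// encodeLog builds a log emitted as ev with the given non-indexed values.
func encodeLog(ev Event, values ...*big.Int) Log {
	lg := Log{Topics: [][32]byte{ev.ID}}
	for _, v := range values {
		lg.Data = append(lg.Data, word(v)...)
	}
	return lg
}

// unpackLogUnchecked reproduces the flawed pattern: it slices log.Data by the
// layout of whatever event the caller names and never consults Topics[0].
func unpackLogUnchecked(ev Event, lg Log) (map[string]*big.Int, error) {
	if len(lg.Data) != 32*len(ev.Fields) {
		return nil, fmt.Errorf("%s: data is %d bytes, want %d", ev.Name, len(lg.Data), 32*len(ev.Fields))
	}
	out := make(map[string]*big.Int, len(ev.Fields))
	for i, f := range ev.Fields {
		out[f] = new(big.Int).SetBytes(lg.Data[32*i : 32*(i+1)])
	}
	return out, nil
}

// unpackLogChecked is the hardened form: the log must carry the expected
// event's signature hash in Topics[0] before any field is decoded.
func unpackLogChecked(ev Event, lg Log) (map[string]*big.Int, error) {
	if len(lg.Topics) == 0 || lg.Topics[0] != ev.ID {
		return nil, ErrEventMismatch
	}
	return unpackLogUnchecked(ev, lg)
}

// ForgedStakeUpdateLog is a constructed log of OtherEvent whose three words
// line up with StakeUpdate's layout, so an unchecked decoder reads them as
// validatorId=7, nonce=1, newAmount=1e27.
func ForgedStakeUpdateLog() Log {
	return encodeLog(OtherEvent, big.NewInt(7), big.NewInt(1), forgedAmount)
}

// GenuineStakeUpdateLog is a constructed log actually emitted as StakeUpdate.
func GenuineStakeUpdateLog() Log {
	return encodeLog(StakeUpdate, big.NewInt(7), big.NewInt(1), big.NewInt(1000))
}

func main() {
	forged := ForgedStakeUpdateLog()
	if out, err := unpackLogUnchecked(StakeUpdate, forged); err == nil {
		fmt.Printf("unchecked: accepted %s log as StakeUpdate, newAmount=%s\n", OtherEvent.Name, out["newAmount"])
	}
	if _, err := unpackLogChecked(StakeUpdate, forged); err != nil {
		fmt.Println("checked:  ", err)
	}
	if out, err := unpackLogChecked(StakeUpdate, GenuineStakeUpdateLog()); err == nil {
		fmt.Println("checked:   genuine log decoded, newAmount =", out["newAmount"])
	}
}
```

The length check alone is not enough: any event whose non-indexed data happens to be the same number of words passes it, which is exactly why the forged log decodes as a stake update of 1e27. Checking Topics[0] against the expected event ID, before touching the data, is the one-line guard that turns the type confusion into a rejected log.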
blockchain-security
consensus-layer-attack
ethereum-bridge
proof-of-stake
validator-compromise
type-confusion
event-validation
polygon
heimdall
cross-chain-bridge
cryptographic-verification
off-chain-verification
log-parsing-vulnerability
Polygon PoS
Heimdall
Ethereum
Cosmos
Tendermint
StakeManager
StakingInfo
Bor
Immunefi
MsgStakeUpdate
SideHandleMsgStakeUpdate
DecodeValidatorStakeUpdateEvent
UnpackLog