cross-chain

2 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10
0
O3
vulnerability

O3 bridge aggregators are vulnerable to token theft through callproxy parameter manipulation in exactInputSinglePToken(), allowing attackers to impersonate approved users and steal their funds when they've approved the aggregator with non-MAX amounts. The vulnerability affects all O3 aggregators across 10+ chains, though the team disputed the severity citing their frontend's default MAX approval behavior.

defi bridge token-theft authorization-bypass smart-contract-vulnerability uniswap ethereum cross-chain aggregator approval-vulnerability access-control impersonation bug-bounty patch
O3 O3EthereumUniswapV3Aggregator 0x561f712b4659be27efa68043541876a137da532b 0xC11073e2F3EC407a44b1Cff9D5962e6763F71187 0xdAC17F958D2ee523a2206206994597C13D831ec7 0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2 0x1337133713371337133713371337133713371337 0xDjango Immunefi Uniswap V3
trust-security.xyz · Trust · 4 hours ago · details
0
Stargate
vulnerability

Two high-severity Denial of Service vulnerabilities discovered in Stargate, LayerZero's liquidity layer: Bug #1 exploits a Solidity quirk where try/catch statements revert when calling non-contract addresses, allowing attackers to permanently freeze message channels by targeting non-existent contracts with swap payloads; Bug #2 abuses SSTORE gas costs to create payloads exceeding the 175k gas budget allocated for cross-chain message delivery, causing out-of-gas reverts that block the entire bridge channel.

layerzero stargate cross-chain dos-attack solidity-vulnerability bridge-security gas-attack callback-vulnerability smart-contract liquidity-layer try-catch-vulnerability returndata-bomb sstore-gas-abuse message-ordering lz-endpoint
Stargate LayerZero ULNv1 MPTValidator Immunefi Router Bridge sgReceive() lzReceive()
trust-security.xyz · Trust Security · 4 hours ago · details