bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
bug-bounty
A security researcher earned $10,000 on Immunefi by discovering two related vulnerabilities in DFX Finance: unhandled fee-on-transfer (FoT) tokens that drain liquidity from USDC pairs, and risks from USDC being upgradable, which could introduce breaking changes to the protocol. The submission succeeded through a functional proof-of-concept, real-world impact examples, and actionable remediation recommendations.
bug-bounty
smart-contract-vulnerability
fee-on-transfer-tokens
erc20
dex
liquidity-draining
upgradable-tokens
usdc
proof-of-concept
defi-security
curve-pool
stablecoin
token-handling
DFX Finance
Beirao
Code4Arena
Immunefi
Trail of Bits
USDC
EURT
GYEN
PAXG
USDT
Uniswap
SEC