7/10
vulnerability
A delegatecall vulnerability in oasisDEX's BuyCommand and SellCommand contracts allows attackers to execute arbitrary code by directly calling the external execute() function with the continuous flag set. This bypasses the intended AutomationBot access control, potentially giving unauthorized access to user CDP funds or causing a system freeze via selfdestruct().
delegatecall-vulnerability
access-control
defi-security
smart-contract-bug
maker-dao
dapp-security
privilege-escalation
code-execution
vulnerability-research
immunefi
oasisDEX
MakerDAO
Immunefi
DSProxy
MultiplyProxyActions
AutomationBot
AutomationExecutor
BuyCommand
SellCommand
BaseMPACommand
DeFiSaver