bug-bounty497
google316
xss300
microsoft261
facebook228
rce194
exploit166
apple154
malware144
cve131
account-takeover113
bragging-post110
privilege-escalation88
csrf86
authentication-bypass71
stored-xss66
writeup62
phishing62
dos59
reflected-xss59
browser59
supply-chain57
access-control53
reverse-engineering50
input-validation49
react49
web-security49
ssrf48
cloudflare48
defi48
smart-contract47
cross-site-scripting46
open-source46
oauth44
ethereum44
sql-injection43
lfi42
aws41
web340
web-application38
docker38
node38
race-condition37
ctf37
burp-suite36
api-security36
info-disclosure35
ai-agents35
pentest35
buffer-overflow33
0
6/10
bug-bounty
DFX Finance had a critical rounding error vulnerability in the AssimilatorV2 contract where integer division could result in zero tokens being transferred while still minting LP tokens to the attacker. By exploiting the non-standard 2-decimal EURS token, an attacker could repeatedly deposit minimal amounts and drain approximately $237,143 from the vulnerable pool.
rounding-error
integer-division
amm
defi
smart-contract
polygon
token-decimals
deposit-vulnerability
assimilator
decentralized-exchange
DFX Finance
EURS
USDC
Immunefi
perseverance
AssimilatorV2
Chainlink
Alejandro Muñoz-McDonald