bug-bounty457
google362
microsoft310
facebook264
xss251
apple177
malware176
rce165
exploit141
cve111
account-takeover105
bragging-post102
phishing84
privilege-escalation82
csrf81
supply-chain68
stored-xss65
authentication-bypass64
dos62
browser61
reflected-xss57
react52
cloudflare50
reverse-engineering49
access-control48
input-validation48
cross-site-scripting48
aws47
node46
docker46
smart-contract45
ethereum44
sql-injection43
defi43
web-security43
ssrf42
web342
web-application41
oauth38
writeup37
race-condition36
burp-suite35
info-disclosure34
idor34
vulnerability-disclosure34
auth-bypass33
cloud33
html-injection33
buffer-overflow32
smart-contract-vulnerability32
0
4/10
bug-bounty
Collection of bug reports from Merkle Bonsai covering vulnerabilities in blockchain projects including Ocean Protocol (hybrid NFT attacks via on-chain data manipulation), Oasys L2 blockchain, and Eco's lockup contract. Demonstrates hybrid attack vectors where projects incorrectly rely on modifiable on-chain data.
smart-contract
blockchain
bug-bounty
nft
ethereum
hybrid-attack
on-chain-data-manipulation
dido
ocean-protocol
oasys
eco-lockup
immunefi
Ocean Protocol
Oasys
Eco
Merkle Bonsai
Immunefi
Bandai Namco
DoubleJump.japan
Ethereum