dos-attack

2 articles
Sort: New Top Best
clear filter
bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10
0
Optimism
vulnerability

A critical censorship vulnerability was discovered in Optimism's sequencer where the chain ID was not validated before rate limiting, allowing attackers to replay transactions from other chains to indefinitely censor 1.3 million accounts by triggering rate limits. The bug affected major protocols including LayerZero, Aave, Uniswap, and Optimism's own multisig owners, enabling selective account censorship with strategic timing control.

sequencer-vulnerability rate-limiting-bypass transaction-censorship chain-id-validation layer-2 optimism dos-attack eip-155 json-rpc proxyd single-point-of-failure censorship-resistance replay-attack nonce-validation
Optimism Labs Bernard Wagner iosiro Optimism Bedrock LayerZero Across Synapse Hop Bridge LayerSwap Aave Uniswap Immunefi Dune Analytics EIP-155 proxyd
iosiro.com · iosiro · 4 hours ago · details
0
Stargate
vulnerability

Two high-severity Denial of Service vulnerabilities discovered in Stargate, LayerZero's liquidity layer: Bug #1 exploits a Solidity quirk where try/catch statements revert when calling non-contract addresses, allowing attackers to permanently freeze message channels by targeting non-existent contracts with swap payloads; Bug #2 abuses SSTORE gas costs to create payloads exceeding the 175k gas budget allocated for cross-chain message delivery, causing out-of-gas reverts that block the entire bridge channel.

layerzero stargate cross-chain dos-attack solidity-vulnerability bridge-security gas-attack callback-vulnerability smart-contract liquidity-layer try-catch-vulnerability returndata-bomb sstore-gas-abuse message-ordering lz-endpoint
Stargate LayerZero ULNv1 MPTValidator Immunefi Router Bridge sgReceive() lzReceive()
trust-security.xyz · Trust Security · 4 hours ago · details