bug-bounty495
xss287
google262
microsoft214
facebook184
rce169
apple129
exploit126
account-takeover112
bragging-post112
malware110
cve96
csrf86
privilege-escalation86
stored-xss74
authentication-bypass72
reflected-xss61
phishing59
access-control57
writeup56
open-source54
web-security54
browser52
dos52
input-validation50
defi48
ssrf48
smart-contract47
cross-site-scripting47
cloudflare45
reverse-engineering44
sql-injection44
ethereum44
supply-chain44
react43
oauth42
ai-agents40
aws38
web-application38
lfi37
web337
docker36
burp-suite36
api-security35
information-disclosure34
html-injection33
race-condition33
smart-contract-vulnerability33
idor32
waf-bypass31
0
7/10
vulnerability
A round-down vulnerability in Astroport's Staking.rs contract allows attackers to mint zero xASTRO tokens by exploiting the absence of minimum liquidity requirements, breaking staking functionality and enabling governance control through voting power monopolization. The fix involves implementing a MINIMUM_LIQUIDITY constraint similar to Uniswap V2.
smart-contract-vulnerability
round-down-bug
token-inflation
governance-attack
defi
staking-vulnerability
dos-denial-of-service
minimum-liquidity
voting-power-manipulation
astroport
Astroport
ChainLight
SunSec
Immunefi
xASTRO
ASTRO
Staking.rs
Uniswap V2