0
5/10
vulnerability
A griefing vulnerability in Lido's Dual Governance RageQuit mechanism allowed permissionless prolongation of the RageQuit extension period, potentially blocking ETH withdrawals and protocol governance. Triggering the issue required >10% stETH veto participation, and Emergency Committee safeguards mitigated it; a smart contract fix was successfully deployed in September 2025.
smart-contract-vulnerability
denial-of-service
governance-attack
escrow-vulnerability
bug-bounty
immunefi
lido
ethereum
staking
dual-governance
ragequit-mechanism
responsible-disclosure
Lido
Immunefi
Dual Governance
RageQuit
Escrow.startRageQuitExtensionPeriod()
Emergency Committee
Tiebreaker committee
Vote #191
Proposal #4
stETH
LDO