eip3156

1 article

sort: new top best

bug-bounty497 google347 xss301 microsoft290 facebook261 rce211 exploit198 malware168 apple161 cve135 account-takeover115 bragging-post102 privilege-escalation96 csrf90 phishing86 browser75 writeup74 authentication-bypass69 supply-chain67 dos66 stored-xss65 reflected-xss57 ssrf56 reverse-engineering54 access-control52 react52 input-validation49 cross-site-scripting48 cloudflare47 aws47 docker46 web-security46 lfi46 smart-contract45 sql-injection45 web-application44 ethereum44 ctf43 web343 defi43 oauth43 node41 race-condition39 pentest39 open-source39 idor37 cloud37 info-disclosure36 burp-suite36 auth-bypass35

0 7/10

Mushrooms

vulnerability

A critical logic error in Mushrooms Finance's StrategyCmpdWbtcV1 contract allowed unauthorized callers to execute a flashloan function intended only for internal vault callbacks, enabling a three-step flash loan attack to extract 19 wBTC (~$635k) by exploiting insufficient access controls and parameter validation.

logic-error flash-loan smart-contract defi vulnerability bug-bounty ethereum compound access-control eip3156

Mushrooms Finance CKK Sec Immunefi Compound Uniswap StrategyCmpdWbtcV1 MMVault

medium.com · CKK Sec · 23 hours ago · details