erc-20

3 articles
0 6/10
bug-bounty

A high-severity griefing vulnerability in Charged Particles' NFT marketplace allowed an attacker to lock Protons (NFTs) by setting a malicious ransom contract as the royalties receiver, forcing buyers to pay bribes to complete transactions. The vulnerability was fixed after a $5,000 USDC bounty was awarded.

Charged Particles Immunefi Alejandro Muñoz-McDonald Proton.sol ERC-721 ERC-20
medium.com · janbro.eth · 19 hours ago
0 7/10
bug-bounty

A critical ERC-20 token implementation bug in Redacted Cartel's wxBTRFLY contract allowed attackers to reassign user allowances to themselves via a faulty transferFrom function, risking $6 million in funds. The vulnerability was fixed by replacing the custom implementation with OpenZeppelin's battle-tested ERC-20, and the researcher received a $560,000 bounty.

Redacted Cartel Immunefi Tommaso Pifferi OpenZeppelin wxBTRFLY xBTRFLY ERC-20 ERC-721
medium.com · Tommaso Pifferi · 19 hours ago
0 7/10
bug-bounty

A critical logic error in Yield Protocol's strategy contract allowed attackers to drain pool tokens by inflating the balance calculation through direct token transfers. The vulnerability, which put $950k at risk, was responsibly disclosed by whitehat Paludo0x, who received a $95,000 USDC bounty after it was patched by modifying the burn function to use cached pool values instead of live balance checks.

Yield Protocol Immunefi Paludo0x YieldSpace Pool fyToken Foundry
medium.com · Paludo0x · 19 hours ago