8/10
vulnerability
A critical flash loan vulnerability in Fei Protocol's ETH/FEI Uniswap pool allocation mechanism allowed attackers to drain up to 60,000 ETH through price oracle manipulation combined with a bypass of the nonContract modifier using contract constructors. The bug was independently discovered by whitehat Alexander Schlindwein and Fei's security team, earning an $800,000 bounty.
flash-loan
defi
price-oracle
market-manipulation
uniswap
smart-contract
solidity
slippage
bug-bounty
vulnerability-disclosure
extcodesize
constructor-attack
stablecoin
Fei Protocol
Alexander Schlindwein
ArmorFi
Joey Santoro
Immunefi
OpenZeppelin
Uniswap V2
EthBondingCurve.sol
EthUniswapPCVDeposit.sol
GEKKO