3/10
bug-bounty
A researcher earned $10,000 from DFX Finance for identifying two related vulnerabilities: unsupported fee-on-transfer (FoT) token handling that can drain liquidity provider funds, and risks from using upgradable USDC as the protocol's bridge asset. The submission included a functional PoC and recommendations based on Uniswap's approach to handling FoT tokens.
fee-on-transfer
defi
smart-contract
dex
liquidity-pool
erc20
upgradable-tokens
bug-bounty
bragging-post
poc
DFX Finance
Immunefi
Code4Arena
Trail of Bits
USDC
Uniswap
PAXG
USDT
Beirao