bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
vulnerability
A privilege escalation vulnerability in Tokemak's liquidity controllers allows attackers with ADD_LIQUIDITY_ROLE to steal protocol funds by manipulating pool ratios and exploiting the deploy() function's lack of price validation. The attack creates a malicious liquidity pool with a skewed token ratio, triggers the controller to deposit at the bad ratio, then extracts tokens through swaps, potentially stealing entire reserve amounts of FOX and ALCX tokens.
privilege-escalation
liquidity-pool-manipulation
price-oracle-manipulation
flash-loan-style-attack
uniswap
sushiswap
defi-vulnerability
access-control
flash-swap
constant-product-formula
twap-oracle
fund-theft
smart-contract-vulnerability
Tokemak
SushiswapControllerV2
UniswapController
Chainlink
FOX
ALCX