5/10
vulnerability
Vesu disclosed a critical rounding convention vulnerability in the Singleton contract's liquidate_position function that could allow fund theft through malicious pool extensions, flashloans, and receive_as_shares flag manipulation. The vulnerability was remediated by removing the affected liquidation logic, whitelisting pool extensions, and migrating all user funds.
rounding-convention
lending-protocol
smart-contract
liquidation
bug-bounty
responsible-disclosure
defi
cairo
starknet
flashloan-attack
pool-extension
whitelisting
vulnerability-remediation
Vesu
Immunefi
Argent Labs
ChainSecurity
Re7 Labs
Braavos
Alterscope
7/10
bug-bounty
Enzyme Finance had a critical price oracle manipulation vulnerability in Idle token pricing where flashloans could manipulate the totalSupply used in price calculations (totalNav/totalSupply). Researcher setuid0 discovered and reported the bug with a working PoC, earning a $90,000 bounty.
price-oracle-manipulation
flashloan-attack
defi-security
smart-contract-vulnerability
idle-finance
enzyme-finance
bug-bounty
vulnerability-disclosure
on-chain-oracle
amm-oracle
Enzyme Finance
Immunefi
setuid0
SSLab
Georgia Tech
IdleTokenGovernance.sol
IdlePriceFeed.sol
ComptrollerLib.sol
VaultInterpreter.sol
IDerivativePriceFeed.sol
Aave
Uniswap
Sushiswap
PancakeSwap
Curve
Bancor
Balancer
Chainlink