bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
vulnerability
A critical integer truncation vulnerability was discovered in Astar's assets-erc20 precompile that allowed attackers to steal approximately $400,000 USD worth of tokens by exploiting how uint256 amounts are truncated to u128 during ERC-20 transfers, enabling zero-token transfers to appear successful. The vulnerability affected smart contracts that relied on the transfer/transferFrom functions without proper validation of the return value.
integer-truncation
smart-contract-vulnerability
evm-compatibility
precompile-vulnerability
polkadot
substrate
frontier
astar-network
erc20
token-theft
critical-vulnerability
bug-bounty
cryptocurrency-security
Astar
Zellic
Polkadot
Substrate
Frontier
Parity Technologies
Faith
vakzz
Immunefi
Kagla Finance
EVM
Wasm