A high-severity vulnerability was discovered in Across V3 cross-chain bridge that allows malicious relayers to steal the full value of certain transactions from users by exploiting the optimistic relay mechanism before UMA's Optimistic Oracle validation.
A High Severity vulnerability was discovered in Across V3, a cross-chain optimistic bridge, that could allow malicious relayers to steal the full value of certain transactions from users by exploiting the relayer fulfillment mechanism prior to UMA Optimistic Oracle validation.
Researcher disclosed two critical bugs in Sei Network's Cosmos blockchain: (1) an ABCI EndBlocker panic triggered via vesting accounts that would halt the chain, and (2) a balance transfer vulnerability in EVM integration allowing arbitrary fund transfers. Both were caught pre-mainnet and awarded $75k and $2M respectively.
A privilege escalation vulnerability in Tokemak's liquidity controllers allows attackers with ADD_LIQUIDITY_ROLE to steal protocol funds by manipulating pool ratios and exploiting the deploy() function's lack of price validation. The attack creates a malicious liquidity pool with a skewed token ratio, triggers the controller to deposit at the bad ratio, then extracts tokens through swaps, potentially stealing entire reserve amounts of FOX and ALCX tokens.