5/10
bug-bounty
A researcher discovered a critical $150,000 Evmos vulnerability by simply reading the Cosmos documentation: sending funds to the distribution module account (which should be blocklisted) triggered invariant violations that halted the entire blockchain and all dependent dApps.
cosmos-blockchain
evmos
module-accounts
invariant-breaking
fund-transfer
denial-of-service
blockchain-halting
bug-bounty
web3-security
golang
bragging-post
Evmos
Cosmos
Immunefi
jayjonah.eth
x/bank module
distribution module
9/10
vulnerability
A security researcher discovered two critical bugs in Sei Network's layer-1 blockchain: (1) an ABCI panic in the EVM EndBlocker, triggered by vesting accounts with locked funds, that caused chain halts, and (2) a balance handling vulnerability allowing arbitrary fund transfers via negative number handling in the SubBalance/AddBalance functions. Both bugs were caught pre-mainnet and rewarded at $75,000 and $2,000,000 respectively.
cosmos-sdk
blockchain
layer-1
evm-integration
panic-handling
state-management
fund-transfer
chain-halting
vesting-accounts
balance-handling
abci-methods
tendermint
Sei Network
Sei Foundation
Cosmos SDK
Geth
Trail of Bits
Immunefi
CVE-2024 (implied, not explicitly stated)