bug-bounty408
google401
xss352
microsoft316
facebook286
exploit192
apple187
rce176
malware148
cve111
account-takeover96
browser89
csrf86
writeup71
privilege-escalation66
phishing63
dos60
react60
supply-chain58
bragging-post55
authentication-bypass54
node51
cloudflare51
ssrf50
docker48
aws48
access-control46
reverse-engineering46
smart-contract45
web345
ethereum43
oauth42
defi42
pentest41
sql-injection40
idor36
lfi36
info-disclosure35
race-condition34
cloud32
smart-contract-vulnerability32
auth-bypass31
buffer-overflow31
wordpress30
clickjacking29
subdomain-takeover27
solidity27
vulnerability-disclosure25
cors24
web-application24
0
8/10
vulnerability-research
Trust Security disclosed a widespread DOS vulnerability affecting 100+ DeFi projects that misuse EIP-2612's permit() function in contract call compositions. When permit() is frontrun as part of a multi-step transaction, it causes the entire function to revert, enabling denial-of-service attacks—a flaw in the original EIP's threat model that assumes A;A* (reverted action) is harmless, but fails when A is part of a sequence A;B;C.
eip-2612
permit
erc20
front-running
denial-of-service
signature-replay
smart-contract
ethereum
bug-bounty
vulnerability-class
composition-attack
gas-abstraction
bug-causality
EIP-2612
ERC20
EIP-712
Immunefi
OpenZeppelin
AAVE
The Graph
Uniswap-V2
Ribbon
Pods
Nexus Mutual
Mars
Gro
Ease
Kyber
DeBridge
SpookySwap
Angle
Morpho
100proof
Arbitrum