0
7/10
bug-bounty
Enzyme Finance had a critical missing-privilege-check vulnerability in its GasRelayPaymasterLib contract: the paymaster failed to validate the trusted forwarder's address, which allowed attackers to bypass signature verification and drain the Vault by crafting malicious relayCall transactions. Whitehat rootrescue discovered and responsibly disclosed the bug, earning a $400,000 bounty.
missing-privilege-check
access-control
smart-contract
ethereum
gas-station-network
meta-transactions
paymaster
trusted-forwarder
signature-verification-bypass
funds-draining
bugfix-review
Enzyme Finance
Immunefi
rootrescue
GasRelayPaymasterLib
GasRelayPaymasterFactory
GasRelayRecipientMixin
RelayHub