vulnerability-disclosure
Trust Security discovered a class of DoS vulnerabilities, affecting 100+ projects, that abuses the front-runnable nature of the EIP-2612 permit() function when it is composed with other contract logic. An attacker can front-run a permit() call to force the victim's transaction to revert, a griefing attack that blocks normal function execution. $50k in bounties was awarded across 15 projects.
eip-2612
permit
erc20
denial-of-service
dos
frontrunning
signature-replay
smart-contract
ethereum
bug-bounty
vulnerability-disclosure
griefing
transaction-ordering
composability-issue
eip712
delegatebysig
mempool-attack
EIP-2612
ERC20
Permit
OpenZeppelin
AAVE
The Graph
Uniswap-V2
Ribbon
Pods
Nexus Mutual
Mars
Gro
Ease
Kyber
DeBridge
SpookySwap
Angle
Morpho
Immunefi
100proof
Trust Security
ERC20 Governance