7/10
vulnerability
A critical price oracle manipulation vulnerability was discovered in Enzyme Finance's Idle token pricing mechanism, where flashloans from IdleTokenGovernance.sol could manipulate the totalSupply calculation used in price computation (totalNav/totalSupply), allowing attackers to exploit share buying. The bug was introduced in Idle v5 when flashloan logic was added, and the researcher received a $90,000 bounty for reporting with a working proof-of-concept.
price-oracle-manipulation
flashloan
defi
smart-contract-vulnerability
enzyme-finance
idle-tokens
bug-bounty
ethereum
amm
vulnerability-analysis
Enzyme Finance
Immunefi
setuid0
SSLab
Georgia Tech
IdleTokenGovernance.sol
ComptrollerLib.sol
VaultInterpreter.sol
IDerivativePriceFeed.sol
IdlePriceFeed.sol
Aave
Uniswap
Chainlink