0
9/10
vulnerability
A vulnerability in Tranchess's ShareStaking contract allows attackers to drain user funds by exploiting a skipped `_checkpoint()` call during rebalance events, causing a mismatch between token total supplies and actual contract balances. The attack leverages the contract's gas optimization technique to manipulate `spareAmount` calculations and steal staked tokens.
smart-contract-vulnerability
reentrancy-like
state-management-bug
yield-farming
defi
solidity
gas-optimization-bug
checkpoint-mechanism
fund-drainage
rebalance-exploit
bsc
immunefi
Tranchess
ShareStaking
FundV3
Immunefi
Queen
Bishop
Rook
floranguyen0
0
bug-bounty
A security researcher disclosed critical vulnerabilities in Moonbeam and Aurora Engine smart contracts, earning record bug bounties ($1M from Moonbeam, $6M from Aurora) by identifying delegatecall misuse and design flaws that put over $100M in DeFi assets at risk.
bug-bounty
smart-contract-vulnerability
delegatecall
defi-security
blockchain-security
layer-2
evm
wrapped-tokens
moonbeam
aurora-engine
near-protocol
ethereum
immunefi
Moonbeam
Aurora Engine
NEAR Protocol
Moonwell
Immunefi
WETH
pwning.eth