0
7/10
vulnerability
Iron Bank's CCollateralCapERC20 token fails to enforce the collateral cap invariant during account initialization, allowing totalCollateralTokens to exceed collateralCap limits and creating liquidation insolvency risks. The initializeAccountCollateralTokens() function bypasses the cap check that is properly enforced elsewhere, enabling uninitialized users to receive collateral without cap validation.
smart-contract-vulnerability
logic-error
collateral-management
defi-protocol
invariant-violation
ethereum
liquidation-risk
access-control
initialization-flaw
Iron Bank
CCollateralCapERC20
0x00e5c0774A5F065c285068170b20393925C84BF3