bug-bounty487
google307
xss300
microsoft254
facebook222
rce192
exploit161
apple147
malware140
cve129
account-takeover113
bragging-post110
privilege-escalation88
csrf86
authentication-bypass71
stored-xss66
phishing61
writeup59
reflected-xss59
dos58
browser57
supply-chain55
access-control52
input-validation49
web-security49
react48
reverse-engineering48
defi48
ssrf48
smart-contract47
cross-site-scripting46
open-source46
cloudflare46
ethereum44
oauth44
sql-injection43
lfi42
aws41
web340
web-application38
docker38
ctf37
race-condition37
api-security36
burp-suite36
node35
ai-agents35
pentest34
smart-contract-vulnerability33
information-disclosure33
0
6/10
bug-bounty
DFX Finance had a critical rounding error vulnerability in the AssimilatorV2 contract where integer division could result in zero tokens being transferred while still minting LP tokens to the attacker. By exploiting the non-standard 2-decimal EURS token, an attacker could repeatedly deposit minimal amounts and drain approximately $237,143 from the vulnerable pool.
rounding-error
integer-division
amm
defi
smart-contract
polygon
token-decimals
deposit-vulnerability
assimilator
decentralized-exchange
DFX Finance
EURS
USDC
Immunefi
perseverance
AssimilatorV2
Chainlink
Alejandro Muñoz-McDonald