7/10
vulnerability
A critical authorization bypass vulnerability in BitSwift's dApp frontend allowed unauthenticated users to mint unlimited BCAD tokens via an unprotected /bcad/credit endpoint that lacked proper admin permission checks, enabling attackers to drain liquidity pools. The researcher earned a $4,515 bounty after responsibly disclosing the issue.
jwt-authentication
authorization-bypass
missing-permission-checks
token-minting
web-vulnerability
dapp-security
blockchain
rest-api
javascript-recon
localstorage
BitSwift
Bitswift Cash
BCAD token
Immunefi
JWT
BigNumber