7/10
vulnerability
A critical returndata bomb vulnerability in RAI's LiquidationEngine allows malicious savior contracts to crash liquidations by reverting with massive return data, causing out-of-gas errors and creating unliquidatable positions that lead to protocol bad debt. The vulnerability was acknowledged as technically valid but dismissed as out-of-scope due to savior whitelisting, with Immunefi reversing its initial Medium severity recommendation to None without new technical justification.
returndata-bomb
smart-contract-vulnerability
liquidation-engine
denial-of-service
gas-exhaustion
evm
defi
immunefi
bug-bounty-dispute
governance-bypass
bad-debt
protocol-insolvency
savior-contracts
RAI
Reflexer Finance
Immunefi
CVE-2023-XXXXX