7/10
vulnerability
A critical authorization bypass vulnerability in BitSwift's dApp frontend allowed unauthenticated users to mint unlimited BCAD tokens via an unprotected /bcad/credit endpoint that lacked proper admin permission checks, enabling attackers to drain liquidity pools. The researcher earned a $4,515 bounty after responsibly disclosing the issue.
jwt-authentication
authorization-bypass
missing-permission-checks
token-minting
web-vulnerability
dapp-security
blockchain
rest-api
javascript-recon
localstorage
BitSwift
Bitswift Cash
BCAD token
Immunefi
JWT
BigNumber