8/10
vulnerability
A critical type-confusion vulnerability in Polygon's Heimdall consensus layer allowed rogue validators to forge StakeUpdate events, because Ethereum logs were decoded into the StakeUpdate structure without verifying their event type. This could have enabled validator takeover and fraudulent bridge events affecting $2B+ in locked assets. The root cause was incomplete event-signature validation in the UnpackLog function: it unpacked a log into the expected event structure without first checking that the log's first topic matched the event's signature hash, so a log emitted by a different event with a compatible topic layout could be accepted as a StakeUpdate.
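The following Go program is an added illustration of the decoding flaw described above; it is not Heimdall's or go-ethereum's code. It models a receipt log, a flawed decoder that trusts the topic count alone, and a hardened decoder that first compares Topics[0] against the expected event selector. Assumptions: the event selector is computed with sha256 rather than keccak256 so the example needs only the standard library (the check itself is identical), StakeUpdate is modeled as three indexed uint256 parameters, and SomeOtherEvent is a hypothetical unrelated event with the same topic layout.

```go
package main

import (
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
)

// Log mirrors the parts of an Ethereum receipt log that matter here:
// Topics[0] is the event signature hash, the indexed parameters follow in
// Topics[1:], and non-indexed parameters would be ABI-encoded in Data.
type Log struct {
	Topics [][32]byte
	Data   []byte
}

// eventID stands in for the ABI event selector. Assumption: sha256 over the
// canonical signature is used so this runs with only the standard library;
// Ethereum tooling uses keccak256, but the comparison is the same.
func eventID(signature string) [32]byte {
	return sha256.Sum256([]byte(signature))
}

var (
	// Layout assumed for this illustration: three indexed uint256 params.
	stakeUpdateID = eventID("StakeUpdate(uint256,uint256,uint256)")
	// Hypothetical unrelated event that happens to share the topic layout.
	otherEventID = eventID("SomeOtherEvent(uint256,uint256,uint256)")
)

// StakeUpdate is the decoded event a stake-update side-handler would act on.
type StakeUpdate struct {
	ValidatorID *big.Int
	Nonce       *big.Int
	NewAmount   *big.Int
}

// uint256Topic ABI-encodes a non-negative integer as a 32-byte big-endian topic.
func uint256Topic(v *big.Int) [32]byte {
	var t [32]byte
	v.FillBytes(t[:]) // panics if v is negative or wider than 256 bits
	return t
}

// decodeTopics maps three indexed topics onto the StakeUpdate fields.
func decodeTopics(topics [][32]byte) StakeUpdate {
	return StakeUpdate{
		ValidatorID: new(big.Int).SetBytes(topics[0][:]),
		Nonce:       new(big.Int).SetBytes(topics[1][:]),
		NewAmount:   new(big.Int).SetBytes(topics[2][:]),
	}
}

// UnpackStakeUpdateUnchecked reproduces the flawed pattern: it validates only
// the topic count and decodes the log as a StakeUpdate without looking at
// which event actually emitted it.
func UnpackStakeUpdateUnchecked(l Log) (StakeUpdate, error) {
	if len(l.Topics) != 4 {
		return StakeUpdate{}, errors.New("unexpected topic count")
	}
	return decodeTopics(l.Topics[1:]), nil
}

// UnpackStakeUpdateChecked is the hardened version: the signature hash in
// Topics[0] must equal the StakeUpdate selector before anything is decoded.
func UnpackStakeUpdateChecked(l Log) (StakeUpdate, error) {
	if len(l.Topics) != 4 {
		return StakeUpdate{}, errors.New("unexpected topic count")
	}
	if l.Topics[0] != stakeUpdateID {
		return StakeUpdate{}, fmt.Errorf("event signature mismatch: got %x, want %x",
			l.Topics[0][:4], stakeUpdateID[:4])
	}
	return decodeTopics(l.Topics[1:]), nil
}

// NewLog builds a constructed sample log with the given selector and three
// indexed uint256 values.
func NewLog(selector [32]byte, validatorID, nonce, amount uint64) Log {
	return Log{Topics: [][32]byte{
		selector,
		uint256Topic(new(big.Int).SetUint64(validatorID)),
		uint256Topic(new(big.Int).SetUint64(nonce)),
		uint256Topic(new(big.Int).SetUint64(amount)),
	}}
}

func main() {
	genuine := NewLog(stakeUpdateID, 7, 1, 1000)
	forged := NewLog(otherEventID, 7, 2, 1000000000) // foreign event, same layout

	for _, l := range []Log{genuine, forged} {
		u, uerr := UnpackStakeUpdateUnchecked(l)
		c, cerr := UnpackStakeUpdateChecked(l)
		fmt.Printf("unchecked: %+v err=%v\nchecked:   %+v err=%v\n\n", u, uerr, c, cerr)
	}
}
```

Running it shows the unchecked decoder happily returning a StakeUpdate with NewAmount 1000000000 for the forged log, while the checked decoder rejects it with an event signature mismatch and accepts only the genuine log. The fix costs one 32-byte comparison per log and belongs in the generic unpack routine, not in each side-handler.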
blockchain-security
polygon
heimdall
consensus-layer
validator-exploit
ethereum-bridge
stake-management
type-confusion
event-validation
cross-chain-security
proof-of-stake
side-handler
log-parsing
smart-contract-interaction
Polygon
Heimdall
Ethereum
StakeManager
StakingInfo
Cosmos
Tendermint
Bor
geth
MsgStakeUpdate
Immunefi