bug-bounty408
google401
xss352
microsoft316
facebook286
exploit192
apple187
rce176
malware148
cve111
account-takeover96
browser89
csrf86
writeup71
privilege-escalation66
phishing63
dos60
react60
supply-chain58
bragging-post55
authentication-bypass54
node51
cloudflare51
ssrf50
docker48
aws48
access-control46
reverse-engineering46
smart-contract45
web345
ethereum43
oauth42
defi42
pentest41
sql-injection40
idor36
lfi36
info-disclosure35
race-condition34
cloud32
smart-contract-vulnerability32
auth-bypass31
buffer-overflow31
wordpress30
clickjacking29
subdomain-takeover27
solidity27
vulnerability-disclosure25
cors24
web-application24
0
8/10
vulnerability
A vulnerability in Polygon's Heimdall validator software allowed rogue validators to forge Ethereum log events by exploiting improperly indexed log matching in the DecodeValidatorStakeUpdateEvent function, potentially enabling stake manipulation and fraudulent bridge transactions affecting $2B+ in locked assets. The flaw resided in the side-handler verification logic that failed to properly validate log authenticity when comparing transaction receipts against incoming Heimdall messages.
consensus-layer-vulnerability
ethereum-bridge
log-parsing-vulnerability
validator-compromise
heimdall
polygon-pos
stake-management
side-handler-bypass
event-validation
proof-of-stake
cross-chain-security
side-channel-attack
Polygon PoS
Heimdall
Ethereum
StakeManager
StakingInfo
MsgStakeUpdate
Immunefi
Felix Wilhelm
Bor
Tendermint
Cosmos