8/10
vulnerability
A denial-of-service vulnerability in LayerZero's ONFT (ERC721) implementation allows attackers to freeze cross-chain token transfers by exploiting uncapped gas usage in the ERC721 callback mechanism. When a malicious receiver contract exhausts the gas allocation during _safeMint(), nonblockingLzReceive() fails without enough gas left to store the failure, permanently blocking the message queue until manual intervention.
layerzero
cross-chain-bridge
denial-of-service
gas-limit-manipulation
callback-reentrancy
erc721
onft
nonblockinglzapp
payload-blocking
vulnerability-analysis
bug-bounty
LayerZero
Stargate
ONFT
OFT
Immunefi
OpenZeppelin
NonBlockingLzApp
ULNv1