0
4/10
bug-bounty
Collection of bug reports from Merkle Bonsai covering vulnerabilities in blockchain projects including Ocean Protocol (hybrid NFT attacks via on-chain data manipulation), Oasys L2 blockchain, and Eco's lockup contract. Demonstrates hybrid attack vectors where projects incorrectly rely on modifiable on-chain data.
smart-contract
blockchain
bug-bounty
nft
ethereum
hybrid-attack
on-chain-data-manipulation
dido
ocean-protocol
oasys
eco-lockup
immunefi
Ocean Protocol
Oasys
Eco
Merkle Bonsai
Immunefi
Bandai Namco
DoubleJump.japan
Ethereum
0
5/10
vulnerability-collection
Collection of three smart contract vulnerability writeups covering critical access control issues: Betverse ICO's public transferTokenToLockedAddresses() function enabling token theft, Ocean Protocol's unprotected ownerWithdraw() function allowing unauthorized fund transfer, and Oasys L1 bridge contract vulnerability enabling NFT theft.
smart-contract-vulnerability
access-control
function-visibility
token-theft
web3-security
solidity
immunefi
betverse
ocean-protocol
oasys
nft-theft
bridge-vulnerability
unprotected-function
Shanmuga Bharathi
Betverse
Ocean Protocol
Oasys
Immunefi
BToken