0
7/10
incident-report
Scroll executed an emergency upgrade on April 25, 2025 to patch two critical vulnerabilities: a soundness bug in OpenVM 1.0.0's auipc opcode circuit (off-by-one in enumeration causing insufficient range checking) and a message spoofing vulnerability in the bridge's EnforcedTxGateway contract that could allow arbitrary token minting on L2.
circuit-soundness
zero-knowledge-proof
bridge-vulnerability
message-spoofing
token-minting
emergency-patch
smart-contract-vulnerability
access-control-bypass
layer-2
scroll-network
opcode-implementation
range-check-bug
Scroll
OpenVM
Axiom
Immunefi
WhiteHatMage
Trail of Bits
L1ScrollMessenger
EnforcedTxGateway
L2ScrollMessenger