bug-bounty622
facebook479
xss316
google174
microsoft120
rce102
apple72
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos36
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware27
node26
smart-contract-vulnerability25
idor25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
react21
vulnerability-disclosure21
reverse-engineering20
auth-bypass19
aws19
remote-code-execution18
lfi18
cloud17
docker17
cors17
oauth17
supply-chain17
race-condition17
info-disclosure16
browser14
authentication-bypass14
solidity14
phishing14
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
bug-bounty
A critical vulnerability was discovered in Oasis Earn service that allows attackers to selfdestruct the OperationExecutor contract through a delegatecall code-reuse attack, exploiting the assumption that executeOp() runs only in user's DSProxy context. The researcher earned a $20K bounty by chaining arbitrary calldata execution with hardcoded service registry mappings to achieve contract destruction.
smart-contract-vulnerability
delegatecall
defi
platform-shutdown
code-reuse-attack
ethereum
bug-bounty
critical-severity
service-registry
operation-executor
dsproxy
selfdestruct
Oasis
MakerDAO
Immunefi
Lido
Uniswap
Etherscan