8/10
vulnerability
A denial-of-service vulnerability in LayerZero's ONFT (ERC721) implementation allows attackers to freeze cross-chain token transfers by exploiting uncapped gas usage in the ERC721 callback mechanism. When a malicious receiver contract exhausts the gas allocation during _safeMint(), nonblockingLzReceive() fails with insufficient gas left to store the failure, permanently blocking the message queue until manual intervention.
layerzero
cross-chain-bridge
denial-of-service
gas-limit-manipulation
callback-reentrancy
erc721
onft
nonblockinglzapp
payload-blocking
vulnerability-analysis
bug-bounty
LayerZero
Stargate
ONFT
OFT
Immunefi
OpenZeppelin
NonBlockingLzApp
ULNv1