5/10
bug-bounty
Brahma vault's collectFees() function incorrectly charges performance fees on gains without accounting for losses, causing users to lose portions of their original deposits during volatile market conditions. The bug stems from not tracking maximum share price per user or accumulated losses, allowing fees to be extracted from principal rather than only from actual profits.
smart-contract-vulnerability
defi
performance-fee-bug
vault
ethereum
solidity
logic-error
fund-loss
bragging-post
Brahma
0x3c4Fe0db16c9b521480c43856ba3196A9fa50E08
Immunefi
Enso Finance
code-423n4