bug-bounty487
google307
xss300
microsoft254
facebook222
rce192
exploit161
apple147
malware140
cve129
account-takeover113
bragging-post110
privilege-escalation88
csrf86
authentication-bypass71
stored-xss66
phishing61
writeup59
reflected-xss59
dos58
browser57
supply-chain55
access-control52
input-validation49
web-security49
react48
reverse-engineering48
defi48
ssrf48
smart-contract47
cross-site-scripting46
open-source46
cloudflare46
ethereum44
oauth44
sql-injection43
lfi42
aws41
web340
web-application38
docker38
ctf37
race-condition37
api-security36
burp-suite36
node35
ai-agents35
pentest34
smart-contract-vulnerability33
information-disclosure33
0
6/10
bug-bounty
A critical vulnerability in Zapper's "Zap Out" contracts allowed attackers to inject arbitrary call data into permit functions, enabling the theft of LP tokens from any user who had approved the contract. The vulnerability was patched within 24 hours of disclosure, with a $25,000 bounty awarded to the whitehat researcher.
arbitrary-call-data
smart-contract-vulnerability
permit-function
token-theft
uniswap
sushiswap
liquidity-pool
insufficient-input-validation
bug-bounty
web3
defi
Zapper
Immunefi
Lucash-dev
Uniswap
Sushiswap