7/10
bug-bounty
A critical logic error in Yield Protocol's strategy contract allowed attackers to drain pool tokens by inflating the balance calculation through direct token transfers. The vulnerability, which put roughly $950k at risk, was responsibly disclosed by whitehat Paludo0x, who received a $95,000 USDC bounty after the issue was patched by modifying the burn function to use cached pool values instead of live balance checks.
logic-error
defi
smart-contract
bug-bounty
token-balance-manipulation
pool-draining
yield-farming
arbitrum
ethereum
erc-20
responsible-disclosure
Yield Protocol
Immunefi
Paludo0x
YieldSpace Pool
fyToken
Foundry