protocol-insolvency

3 articles
0 8/10
RAI
vulnerability

A returndata bomb vulnerability in RAI's LiquidationEngine allows an attacker to deploy a malicious whitelisted savior contract that reverts with massive data, exhausting gas during the catch clause and rendering positions unliquidatable—causing protocol bad debt. The researcher disputes Immunefi's downgrade from Medium to None severity, arguing governance whitelisting cannot detect this emergent EVM interaction vulnerability.

RAI Reflexer Finance Immunefi LiquidationEngine Safe Saviours geb repository
trust-security.xyz · Trust Security · 4 hours ago
0
vulnerability

Brahma.Fi's L2 position handler contains a sign confusion bug in positionInWantToken() that miscalculates position value when the account is underwater, treating negative account values as positive funds. This leads to incorrect share calculations during deposits/withdrawals, fee overcharges, and potential protocol insolvency through user exploitation.

Brahma.Fi PerpV2Controller PerpTradeExecutor Perpetual Protocol Optimism 0x1b6BF7Ab4163f9a7C1D4eCB36299525048083B5e
trust-security.xyz · Trust · 4 hours ago
0
vulnerability

A critical protocol insolvency bug in Fringe.fi's lending platform allows borrowers to withdraw collateral without updating accrued interest, leaving the protocol with undercollateralized positions that cannot be liquidated. The vulnerability exploits the fact that updateInterestInBorrowPositions() is only called when withdrawing the maximum amount, enabling attackers to maintain stale accrual values and manipulate their health factor below the required 1.0 threshold.

Fringe.fi Fringe PIT Compound V2 USDC Frax Share CVE
trust-security.xyz · Trust · 4 hours ago