bug-bounty493
xss285
google254
microsoft208
facebook183
rce165
apple128
exploit126
bragging-post112
account-takeover111
malware102
cve92
privilege-escalation85
csrf85
stored-xss74
authentication-bypass72
reflected-xss61
phishing57
writeup56
access-control56
web-security54
open-source54
dos53
browser51
input-validation50
defi48
ssrf48
cross-site-scripting47
smart-contract47
cloudflare45
ethereum44
supply-chain43
sql-injection43
react42
oauth42
ai-agents40
reverse-engineering39
web-application38
web337
aws37
burp-suite36
docker36
lfi35
api-security35
information-disclosure34
html-injection33
smart-contract-vulnerability33
idor32
race-condition31
vulnerability-disclosure31
0
7/10
vulnerability
A round-down vulnerability in Astroport's Staking.rs contract allows attackers to mint zero xASTRO tokens by exploiting the absence of minimum liquidity requirements, breaking staking functionality and enabling governance control through voting power monopolization. The fix involves implementing a MINIMUM_LIQUIDITY constraint similar to Uniswap V2.
smart-contract-vulnerability
round-down-bug
token-inflation
governance-attack
defi
staking-vulnerability
dos-denial-of-service
minimum-liquidity
voting-power-manipulation
astroport
Astroport
ChainLight
SunSec
Immunefi
xASTRO
ASTRO
Staking.rs
Uniswap V2