bug-bounty473
google371
microsoft318
facebook271
xss267
rce184
apple178
malware177
exploit165
cve122
account-takeover110
bragging-post102
phishing85
csrf85
privilege-escalation83
browser71
supply-chain69
stored-xss65
authentication-bypass64
dos64
react58
reflected-xss57
cloudflare52
reverse-engineering50
access-control48
node48
input-validation48
aws48
cross-site-scripting48
writeup47
docker46
ssrf45
smart-contract45
ethereum44
web-security43
sql-injection43
defi43
web343
oauth41
web-application41
lfi38
info-disclosure37
pentest37
race-condition37
idor35
burp-suite35
auth-bypass35
vulnerability-disclosure34
cloud34
html-injection33
0
7/10
vulnerability
A critical returndata bomb vulnerability in RAI's LiquidationEngine allows malicious savior contracts to crash liquidations by reverting with massive return data, causing out-of-gas errors and creating unliquidatable positions that lead to protocol bad debt. The vulnerability was acknowledged as technically valid but dismissed as out-of-scope due to savior whitelisting, with Immunefi reversing its initial Medium severity recommendation to None without new technical justification.
returndata-bomb
smart-contract-vulnerability
liquidation-engine
denial-of-service
gas-exhaustion
evm
defi
immunefi
bug-bounty-dispute
governance-bypass
bad-debt
protocol-insolvency
savior-contracts
RAI
Reflexer Finance
Immunefi
CVE-2023-XXXXX