bug-bounty408
google401
xss352
microsoft316
facebook286
exploit192
apple187
rce176
malware148
cve111
account-takeover96
browser89
csrf86
writeup71
privilege-escalation66
phishing63
dos60
react60
supply-chain58
bragging-post55
authentication-bypass54
node51
cloudflare51
ssrf50
docker48
aws48
access-control46
reverse-engineering46
smart-contract45
web345
ethereum43
oauth42
defi42
pentest41
sql-injection40
idor36
lfi36
info-disclosure35
race-condition34
cloud32
smart-contract-vulnerability32
auth-bypass31
buffer-overflow31
wordpress30
clickjacking29
subdomain-takeover27
solidity27
vulnerability-disclosure25
cors24
web-application24
0
8/10
vulnerability
A critical flash loan vulnerability in Fei Protocol's ETH/FEI Uniswap pool allocation mechanism allowed attackers to drain up to 60,000 ETH through price oracle manipulation combined with a bypass of the nonContract modifier using contract constructors. The bug was independently discovered by whitehat Alexander Schlindwein and Fei's security team, earning an $800,000 bounty.
flash-loan
defi
price-oracle
market-manipulation
uniswap
smart-contract
solidity
slippage
bug-bounty
vulnerability-disclosure
extcodesize
constructor-attack
stablecoin
Fei Protocol
Alexander Schlindwein
ArmorFi
Joey Santoro
Immunefi
OpenZeppelin
Uniswap V2
EthBondingCurve.sol
EthUniswapPCVDeposit.sol
GEKKO