bug-bounty622
facebook467
xss316
google157
microsoft104
rce102
apple62
csrf60
web355
account-takeover53
writeup51
exploit43
sqli41
dos34
ssrf34
cve33
cloudflare32
privilege-escalation29
defi28
malware26
smart-contract-vulnerability25
idor25
node25
subdomain-takeover24
clickjacking23
smart-contract23
ethereum23
access-control21
vulnerability-disclosure21
auth-bypass19
reverse-engineering19
react19
remote-code-execution18
aws18
lfi18
cloud17
cors17
info-disclosure16
oauth16
supply-chain16
race-condition16
docker14
authentication-bypass14
solidity14
browser13
phishing13
denial-of-service11
sql-injection11
delegatecall11
wordpress10
0
8/10
vulnerability
Acala's Homa staking protocol contained an unbounded loop in the process_redeem_requests function that could be exploited by an attacker with 12,000+ DOT to create 22,000 redemption requests, causing the validator's on_initialize function to exceed block finalization time limits and halt the entire parachain's block production.
denial-of-service
blockchain
parachain
polkadot
acala
homa
weight-limit
unbounded-loop
block-production
staking-protocol
bug-bounty
Acala
Polkadot
Homa
Immunefi
@Lastc0de
Acala Foundation