bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
8/10
vulnerability
A critical smart contract vulnerability in VeChainThor's VTHO (gas token) accrual mechanism allows attackers to artificially mint unbounded VTHO by exploiting incomplete energy settlement in the self-destruct logic when combined with flash loans. The flaw occurs because the OnSuicideContract function fails to update accrued VTHO when the transfer amount is zero, enabling repeated exploitation.
smart-contract-vulnerability
flash-loan-attack
selfdestruct-bypass
energy-accrual-bug
vtho-minting-exploit
state-management-flaw
evm-compatible-blockchain
double-spend-variant
critical-severity
immunefi-bounty
VeChainThor
VeChain
VTHO (VeThor Token)
VET (VeChain Token)
Immunefi
@nnez
OnSuicideContract
CalcEnergy