ANKR and Stader's liquid staking protocols for BSC are vulnerable to MEV-based sandwich attacks on the updateRatio() reward distribution function, allowing attackers to steal rewards from the pool by depositing before reward updates and withdrawing after, without actually staking their funds for the required period. The vulnerability enables attackers to capture a proportional share of protocol rewards through timing manipulation and DeFi market exits.
Researcher Josip Franjković documented multiple race condition vulnerabilities discovered in Facebook, DigitalOcean, and LastPass that allowed attackers to bypass single-action restrictions by sending concurrent requests. The impacts included inflating page reviews, creating multiple usernames, and redeeming promo codes multiple times. All bugs were subsequently fixed and disclosed following responsible disclosure timelines.
A race condition vulnerability in Facebook chat groups allows an attacker to become invisible in group conversations while maintaining full read/write access and the ability to add/remove users without triggering read receipts. By rapidly adding and removing a target user from a group conversation, an attacker can exploit timing flaws to spy on private group messages undetected.