8/10
vulnerability
O3 DeFi bridge aggregators are vulnerable to token theft through callproxy parameter impersonation in the exactInputSinglePToken function, allowing attackers to redirect victim-approved funds to attacker-controlled addresses. The vulnerability affects all O3 aggregators across supported chains but is mitigated if users set MAX approval rather than finite amounts.
smart-contract-vulnerability
access-control
token-approval
defi
bridge-protocol
uniswap
ethereum
cross-chain
impersonation
fund-theft
aggregator
bug-bounty
dispute
O3
O3EthereumUniswapV3Aggregator
Uniswap V3
Immunefi
0xDjango
CVE (not provided)
0x561f712b4659be27efa68043541876a137da532b
0xC11073e2F3EC407a44b1Cff9D5962e6763F71187