7/10
bug-bounty
Enzyme Finance had a critical missing-privilege-check vulnerability in its GasRelayPaymasterLib contract: the paymaster failed to validate the trusted forwarder's address, allowing attackers to bypass signature verification and drain the Vault by crafting malicious relayCall transactions. Whitehat rootrescue discovered and responsibly disclosed the bug, earning a $400,000 bounty.
missing-privilege-check
access-control
smart-contract
ethereum
gas-station-network
meta-transactions
paymaster
trusted-forwarder
signature-verification-bypass
funds-draining
bugfix-review
Enzyme Finance
Immunefi
rootrescue
GasRelayPaymasterLib
GasRelayPaymasterFactory
GasRelayRecipientMixin
RelayHub