bug-bounty407
google400
xss352
microsoft313
facebook284
exploit191
apple187
rce176
malware145
cve111
account-takeover95
browser89
csrf86
writeup71
privilege-escalation66
phishing63
dos60
react60
supply-chain57
bragging-post55
authentication-bypass54
node51
cloudflare51
ssrf50
docker48
aws48
access-control46
smart-contract45
reverse-engineering45
web345
ethereum43
oauth42
defi42
pentest41
sql-injection40
idor36
lfi36
info-disclosure35
race-condition34
cloud32
smart-contract-vulnerability32
buffer-overflow31
auth-bypass30
wordpress29
clickjacking29
subdomain-takeover27
solidity27
vulnerability-disclosure25
cors24
web-application24
0
8/10
vulnerability
A denial-of-service vulnerability in Acala's Homa module allowed attackers with 12,000+ DOT to halt block production by creating 22,000 redemption requests that exceeded processing time limits during the weekly on_initialize function call. The vulnerability stemmed from unbounded iteration over a RedeemRequests map with no size constraints, enabling attackers to temporarily halt the entire parachain with only gas fees as expense.
denial-of-service
block-production
parachain
polkadot
liquid-staking
unbounded-iteration
resource-exhaustion
bug-bounty
immunefi
homa-module
acala
Acala
Polkadot
Homa
Immunefi
@Lastc0de
DOT
LDOT