7/10
vulnerability
An unprotected init() function in 88mph's CRV:RENWBTC, CRV:STETH, and yaLink pools lacked onlyOwner and initializer modifiers, allowing anyone to call it multiple times and take ownership of NFT contracts to mint/burn user deposits. The vulnerability was worth approximately $6.5M in potential theft and was responsibly disclosed and patched via whitehack.
smart-contract-vulnerability
access-control
initialization-bug
ethereum
defi
bug-bounty
whitehack
privilege-escalation
nft
unprotected-function
88mph
Immunefi
Ashiq Amien
iosiro
Duncan Townsend
CVE-2021-41119
5/10
vulnerability-collection
Collection of three smart contract vulnerability writeups covering critical access control issues: Betverse ICO's public transferTokenToLockedAddresses() function enabling token theft, Ocean Protocol's unprotected ownerWithdraw() function allowing unauthorized fund transfer, and Oasys L1 bridge contract vulnerability enabling NFT theft.
smart-contract-vulnerability
access-control
function-visibility
token-theft
web3-security
solidity
immunefi
betverse
ocean-protocol
oasys
nft-theft
bridge-vulnerability
unprotected-function
Shanmuga Bharathi
Betverse
Ocean Protocol
Oasys
Immunefi
BToken