upgradeable-contracts

1 article

sort: new top best

bug-bounty497 google318 xss300 microsoft262 facebook230 rce194 exploit166 apple155 malware144 cve131 account-takeover113 bragging-post110 privilege-escalation88 csrf86 authentication-bypass71 stored-xss66 writeup62 phishing62 browser59 reflected-xss59 dos59 supply-chain57 access-control52 reverse-engineering50 input-validation49 web-security49 react49 cloudflare48 defi48 ssrf48 smart-contract47 cross-site-scripting46 open-source46 oauth44 ethereum44 sql-injection43 lfi43 aws41 web340 node39 docker38 web-application38 race-condition37 ctf37 api-security36 burp-suite36 ai-agents35 pentest35 info-disclosure35 buffer-overflow33

0 6/10

Wormhole

bug-bounty

Immunefi's retrospective on Wormhole's critical uninitialized proxy vulnerability in their Ethereum bridge contract, which was responsibly disclosed by researcher satya0x and resulted in a record $10 million bug bounty. The article includes detailed technical explanation of proxy patterns, delegatecall mechanics, and how uninitialized proxies can lead to fund lockup.

smart-contract-security proxy-pattern uninitialized-proxy upgradeable-contracts delegatecall solidity bug-bounty responsible-disclosure bridge-security ethereum

Wormhole Immunefi satya0x OpenZeppelin Ethereum

medium.com · satya0x · 6 hours ago · details