8/10
vulnerability
A vulnerability in Polygon's Heimdall validator software allowed rogue validators to forge Ethereum log events by exploiting improperly indexed log matching in the DecodeValidatorStakeUpdateEvent function, potentially enabling stake manipulation and fraudulent bridge transactions affecting $2B+ in locked assets. The flaw resided in the side-handler verification logic that failed to properly validate log authenticity when comparing transaction receipts against incoming Heimdall messages.
Tags: consensus-layer-vulnerability, ethereum-bridge, log-parsing-vulnerability, validator-compromise, heimdall, polygon-pos, stake-management, side-handler-bypass, event-validation, proof-of-stake, cross-chain-security, side-channel-attack
Entities: Polygon PoS, Heimdall, Ethereum, StakeManager, StakingInfo, MsgStakeUpdate, Immunefi, Felix Wilhelm, Bor, Tendermint, Cosmos