bug-bounty621
facebook431
xss316
google103
rce101
csrf60
microsoft59
web354
account-takeover53
writeup50
apple42
sqli41
cve35
ssrf34
exploit33
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
ethereum23
clickjacking23
smart-contract23
vulnerability-disclosure21
access-control21
auth-bypass19
malware19
remote-code-execution18
lfi17
cors16
race-condition15
cloud15
reverse-engineering14
authentication-bypass14
solidity14
oauth12
browser12
info-disclosure12
aws12
sql-injection11
delegatecall11
denial-of-service11
phishing11
web-application-security10
vulnerability9
buffer-overflow9
web-security9
token-theft9
0
6/10
vulnerability
A high-severity DoS vulnerability in Sui's Narwhal consensus layer allowed attackers to crash validator nodes via Out-of-Memory (OOM) attacks by sending a single malicious request with 1.2M certificate digests (37MB payload), bypassing the absence of response limits and timeout handling in the get_certificates() function. The vulnerability was patched by removing the vulnerable GetCertificates and GetPayloadAvailability handlers, with the researcher earning a $50,000 SUI bounty.
denial-of-service
out-of-memory
memory-exhaustion
byzantine-fault-tolerance
consensus-protocol
validator-node
blockchain
narwhal
bullshark
move-language
certificate-handling
bug-bounty
responsible-disclosure
Sui
Immunefi
@F4lt
Narwhal
Bullshark
Move
MystenLabs