visibility-misconfiguration

1 article

Sort: New Top Best

bug-bounty622 facebook479 xss316 google174 microsoft120 rce102 apple72 csrf60 web355 account-takeover53 writeup51 exploit43 sqli41 dos36 ssrf34 cve33 cloudflare32 privilege-escalation29 defi28 malware27 node26 smart-contract-vulnerability25 idor25 subdomain-takeover24 clickjacking23 smart-contract23 ethereum23 access-control21 react21 vulnerability-disclosure21 reverse-engineering20 auth-bypass19 aws19 remote-code-execution18 lfi18 cloud17 docker17 cors17 oauth17 supply-chain17 race-condition17 info-disclosure16 browser14 authentication-bypass14 solidity14 phishing14 denial-of-service11 sql-injection11 delegatecall11 wordpress10

Betverse

vulnerability

A critical vulnerability in the Betverse ICO Token contract's transferTokenToLockedAddresses() function was caused by incorrectly marking it as public instead of internal, allowing attackers to steal BToken by repeatedly transferring funds to their addresses. The article documents this access control misconfiguration discovered during security research on the Immunefi platform.

smart-contract access-control visibility-misconfiguration token-theft ico-vulnerability solidity bug-bounty web3-security cryptocurrency

Betverse Immunefi BToken Shanmuga Bharathi Ocean Protocol OASYS

mirror.xyz · Shanmuga Bharathi. N · 4 hours ago · details