vulnerability
A critical bug in Thena's reward claiming mechanism: an improper expiry check in the deposit_for function prevents veNFT holders from claiming rewards after their lock period expires. The vulnerability freezes user rewards and was missed by CodeArena auditors despite affecting forked code from previously audited protocols.
smart-contract-vulnerability
access-control
state-management
amm
erc20
nft
voting-escrow
reward-distribution
lock-mechanism
expiry-check
solidity
Thena
CodeArena
trust__90
Uniswap
Curve
OlympusDAO
Velodrome
3xcalibur
immunefi
RewardsDistributor.sol
VotingEscrow.sol
THE
vulnerability
A critical bug in Thena's merge() function: the supply variable is not reset when two veNFTs are merged, allowing attackers to artificially inflate supply and manipulate weekly emissions, reduce reward distribution, or cause DoS attacks against the protocol. The vulnerability was disclosed to Thena via Immunefi and was rewarded with $20k.
smart-contract
vulnerability
defi
supply-inflation
merge-function
venft
voting-escrow
emission-calculation
denial-of-service
integer-arithmetic
Thena
immunefi
trust__90