A high-severity vulnerability in Ondo Finance's TrancheToken contract allowed attackers to selfdestruct the uninitialized implementation contract that its proxies delegatecall into. With the implementation destroyed, every proxy call would have silently become a no-op, and, had a minting flag been enabled, the UniswapStrategy contracts could have been drained of roughly $50m. Ondo patched the bug immediately after disclosure; no user funds were at risk.
A collection of blockchain security research articles and bug reports covering Oasys (a gaming-focused Ethereum L2), Eco's lockup contracts, and Ocean Protocol's hybrid NFT implementation, where on-chain data modifications can be exploited. Multiple issues are documented with disclosure timelines and remediation details, reported through Immunefi's bug bounty program.
An analysis of how fixes for low-severity issues in the RAI protocol's debt auctions introduced critical vulnerabilities, together with a technical look at EVM bit-masking operations and assembly-level smart contract optimization techniques.
A critical bug in Thena's merge() function fails to reset the supply variable when two veNFTs are merged, letting an attacker inflate the recorded supply and thereby manipulate weekly emissions, reduce reward distribution, or mount a denial-of-service attack against the protocol. The vulnerability was disclosed to Thena via Immunefi and rewarded with $20k.
A researcher discovered a zero-day Server-Side Template Injection (SSTI) in the Handlebars template engine as used by Shopify's Return Magic app and escalated it to Remote Code Execution, reaching the Function constructor through Object.prototype to escape the template sandbox. The exploit chains Handlebars' 'with' block helper with Object.prototype property manipulation to inject arbitrary code through email workflow templates.
An educational guide from Veracode's application security resource hub explaining buffer overflow and buffer overrun vulnerabilities, how they are exploited, and the attacks built on them, as part of a wider set of AppSec concepts and best practices.
A researcher discovered an unauthenticated Apache Solr instance on a Microsoft subdomain that was vulnerable to CVE-2019-17558, a Velocity template injection leading to RCE. The attack takes two steps: first use the Config API to set params.resource.loader.enabled to true for the VelocityResponseWriter (it is false by default), then send a request with wt=velocity whose v.template.custom parameter carries a malicious Velocity template.
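Both steps of that attack leave traces in the request log (Solr's bundled Jetty writes NCSA-style lines when its request log is enabled). The following detector is an added example, not code from the write-up or from the Solr project: it scans constructed sample log lines for Config API writes and for inline-template Velocity requests, then correlates the two by client address. Host addresses, the core name "products" and the log lines are all made up for the example; the request-line layout follows the NCSA format.

```python
"""Flag the two observable steps of a CVE-2019-17558 attempt in Solr request logs.

Constructed sample data; nothing here is taken from a real incident. The log
records only the request line, not POST bodies, so step 1 (switching on
params.resource.loader.enabled) is visible only as a POST to a core's Config API.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed NCSA-style request-log lines. Addresses and core names are placeholders;
# the Velocity template in line 3 is a harmless probe ("#set($x='probe')$x"), not a payload.
SAMPLE_LOG = """\
10.1.2.3 - - [05/Nov/2019:10:00:01 +0000] "GET /solr/admin/cores?action=STATUS&wt=json HTTP/1.1" 200 512 "-" "curl/7.64.1"
198.51.100.7 - - [05/Nov/2019:10:00:02 +0000] "POST /solr/products/config HTTP/1.1" 200 99 "-" "python-requests/2.22.0"
198.51.100.7 - - [05/Nov/2019:10:00:03 +0000] "GET /solr/products/select?q=1&wt=velocity&v.template=custom&v.template.custom=%23set(%24x%3D%27probe%27)%24x HTTP/1.1" 200 2048 "-" "python-requests/2.22.0"
10.1.2.4 - - [05/Nov/2019:10:00:04 +0000] "GET /solr/products/select?q=laptop&wt=json&rows=10 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
"""

# client ident user [timestamp] "METHOD target HTTP/x.y" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

CONFIG_PATH_RE = re.compile(r"/solr/[^/]+/config/?")


def parse_line(line):
    """Return the named fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Map one parsed request to a finding name, or None."""
    parts = urlsplit(entry["target"])
    params = parse_qs(parts.query)
    wt = params.get("wt", [""])[0].lower()
    # Step 1: a Config API write. The body is not logged, so any POST to a
    # core's /config endpoint from an unexpected client deserves a look.
    if entry["method"] == "POST" and CONFIG_PATH_RE.fullmatch(parts.path):
        return "config-api-write"
    # Step 2: the VelocityResponseWriter rendering a template supplied in the
    # request itself, which is exactly what the injection needs.
    if wt == "velocity" and "v.template.custom" in params:
        return "velocity-inline-template"
    if wt == "velocity":
        return "velocity-writer-used"  # unusual in production, but not itself an attack
    return None


def scan(log_text):
    """Return a list of findings {ip, ts, finding, target} for the whole log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if not entry:
            continue
        kind = classify(entry)
        if kind:
            findings.append({"ip": entry["ip"], "ts": entry["ts"],
                             "finding": kind, "target": entry["target"]})
    return findings


def correlate(findings):
    """Clients that performed both steps: the config write and an inline template."""
    by_ip = {}
    for f in findings:
        by_ip.setdefault(f["ip"], set()).add(f["finding"])
    return {ip for ip, kinds in by_ip.items()
            if {"config-api-write", "velocity-inline-template"} <= kinds}


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]}  {h["ip"]:15s}  {h["finding"]:25s}  {h["target"]}')
    print("clients completing both steps:", sorted(correlate(hits)))
```

Two caveats a detection engineer would add: Solr also accepts the same parameters in a POST body, where this request-line scan cannot see them, so the inline-template rule should additionally run over any full request capture available; and a POST to /config is legitimate for administrators, so the config-api-write finding is a correlation input rather than an alert on its own.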
A security researcher describes finding and exploiting a Server-Side Request Forgery (SSRF) vulnerability, using DNS rebinding to defeat the target's IP-address filtering and then reaching AWS metadata endpoints, enumerating internal ports, and uncovering a buffer over-read in a Monit admin interface. The write-up details the exploitation chain and introduces dnsFookup, a GUI tool that automates DNS rebinding attacks.
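The bypass works because a resolve-then-check filter and the HTTP client behind it each resolve the hostname on their own, and an attacker-controlled zone can answer the two queries differently. The following is an added example, not code from the write-up or from dnsFookup, showing that time-of-check/time-of-use gap and the fix of resolving once and connecting to the checked address. The resolver, the hostnames under .test, the addresses and the "back ends" are all constructed so that it runs offline.

```python
"""DNS-rebinding bypass of a resolve-then-check SSRF filter, and the
resolve-once fix. Constructed data throughout; no network access."""
import ipaddress
from urllib.parse import urlparse

# Constructed DNS data. rebind.attacker.test is a hypothetical attacker zone:
# its first answer is a harmless public address, every later answer is the AWS
# instance-metadata address. A real attack serves TTL 0 so nothing is cached.
STATIC = {
    "www.example.test": "1.2.3.4",       # placeholder public address
    "internal.corp.test": "10.0.0.5",    # private, must never be fetched
}
REBIND = {"rebind.attacker.test": ("5.6.7.8", "169.254.169.254")}

# Constructed "servers", keyed by the address the client actually connects to.
BACKENDS = {
    "1.2.3.4": "200 OK: public page",
    "5.6.7.8": "200 OK: attacker page",
    "10.0.0.5": "200 OK: internal admin",
    "169.254.169.254": "200 OK: iam/security-credentials",
}


class FakeResolver:
    """Stand-in for DNS. Each call is one query, so a filter and an HTTP client
    that both resolve the name get independent, possibly different, answers."""

    def __init__(self):
        self.queries = {}

    def resolve(self, hostname):
        n = self.queries.get(hostname, 0)
        self.queries[hostname] = n + 1
        if hostname in REBIND:
            first, later = REBIND[hostname]
            return first if n == 0 else later
        return STATIC[hostname]


def is_allowed(ip_text):
    """Allow only globally routable addresses. is_global is False for RFC 1918,
    loopback, link-local (169.254/16, so the metadata address), shared address
    space, multicast, reserved and documentation ranges, for IPv4 and IPv6."""
    return ipaddress.ip_address(ip_text).is_global


def http_get(connect_ip, host_header):
    """Simulated client step: the destination is decided solely by the IP the
    socket connects to; the Host header only selects a virtual host there."""
    return BACKENDS[connect_ip]


def vulnerable_fetch(url, resolver):
    """Resolve, check, then hand the URL to a client that resolves again.
    The check and the connection see different DNS answers: TOCTOU."""
    host = urlparse(url).hostname
    if not is_allowed(resolver.resolve(host)):      # DNS query 1: public address
        raise PermissionError(f"{host} resolves to a blocked address")
    connect_ip = resolver.resolve(host)             # DNS query 2: attacker's second answer
    return http_get(connect_ip, host)


def safe_fetch(url, resolver):
    """Resolve exactly once, check that address, and connect to that same IP
    literal, sending the original hostname as Host header (and SNI, for TLS)."""
    host = urlparse(url).hostname
    ip = resolver.resolve(host)                      # the only DNS query
    if not is_allowed(ip):
        raise PermissionError(f"{host} resolves to a blocked address")
    return http_get(ip, host)                        # no later lookup can redirect this


def outcome(fetch, url):
    """Run one fetch against a fresh resolver; report the response or 'blocked'."""
    try:
        return fetch(url, FakeResolver())
    except PermissionError:
        return "blocked"


if __name__ == "__main__":
    for fetch in (vulnerable_fetch, safe_fetch):
        for url in ("http://www.example.test/", "http://internal.corp.test/",
                    "http://rebind.attacker.test/latest/meta-data/"):
            print(f"{fetch.__name__:17s} {url:48s} -> {outcome(fetch, url)}")
```

In a real client the safe variant means opening the socket to the validated IP literal and setting the Host header (and the TLS SNI) to the original name, or installing a resolver hook that returns the pinned address, rather than passing the URL string to a library that resolves on its own. Redirects need the same treatment: every hop must be resolved once, checked, and connected to by address, since a 302 to an internal name is just another way to get a second lookup.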