Introduction The Rekt Test is a short questionnaire for web3 projects to ensure they operate at a minimum baseline of security performance. This questionnaire was crafted by a working group of web3 security experts in early 2023 at the Gathering Minds conference. The group included participants like Mitchell Amador from Immunefi…

Summary On April 28th, the whitehat Paludo0x responsibly disclosed a critical logic error vulnerability to Yield Protocol via Immunefi. The vulnerability involved a potential exploit that could allow an attacker to drain the base tokens from a pool by manipulating the token balance of a contract. Fortunately, thanks to the whitehat’s…

Introduction Exploits in the blockchain space are becoming more complex. Before, smart contract developers and auditors mainly had to think about how to secure smart contracts against exploits that happen in a single transaction. But now, it’s much more common to see attacks that occur over multiple transactions. Blackhats are also…

Introduction Smart contracts, powered by blockchain technology, have revolutionized various industries by providing decentralized and automated functionalities. However, they have also introduced new types of security challenges in the operation and design of decentralized applications. In this article, we will explore the top ten most common smart contract vulnerabilities that developers…

Introduction In this article, we’re going to explore the impacts of web2 vulnerabilities on dApps, and how hackers from the web2 world can discover and responsibly report these bugs to earn big bug bounty rewards on Immunefi. We’ve previously discussed specific examples of web2 vulnerabilities in web3 in the past. One…

Introduction Your bug report has just been paid. The funds are in your wallet, your rank on the Immunefi Leaderboard has increased, and you feel fantastic. But it’s not over yet. While it’s nice to receive funds for your hard work, it’s also nice to receive public recognition for your bug…

Summary On April 28th, a veteran whitehat known as @kankodu responsibly disclosed a critical logic error vulnerability to Silo Finance via Immunefi. The vulnerability showcased a potential exploit that could have allowed a malicious hacker to steal assets from the Silo pool contract. The whitehat demonstrated that an attacker could manipulate…

Summary On April 28, 2023, a whitehat with the pseudonym perseverance submitted a critical vulnerability to DFX Finance via Immunefi, which consisted of a rounding error with the EURS token due to the non-standard decimal value of two. At the time of the submission, $237,143 was in the vulnerable pool and…

Reentrancy has a long history in Ethereum and is the vulnerability class responsible for The DAO Hack, one of the biggest attacks on the early Ethereum network in 2016. …