sayan011/Immunefi-bug-bounty-writeups-list
GitHub: sayan011/Immunefi-bug-bounty-writeups-list
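This is a curated list of Immunefi bug bounty reports, intended to help the security community learn from and analyze Web3 security incidents.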
Stars: 1143 | Forks: 132
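- If you are looking for the newest entries, they are most likely at the bottom of the page
- Despite the repository's name, it also contains some content from other platforms
- [Bug reports from Bounty Boosts](https://reports.immunefi.com/)
- [Immunefi's bug fix reviews](https://github.com/immunefi-team/Web3-Security-Library/blob/main/BugFixReviews/README.md)
- [All reports submitted to Beanstalk](https://community.bean.money/bug-reports)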
- [SCV-List](https://github.com/sirhashalot/SCV-List)

| Bounty amount | **Severity** | **Protocol name + report link** | **Whitehat** |
| --- | --- | --- | --- |
| 10M | Critical | [Wormhole](https://medium.com/immunefi/wormhole-uninitialized-proxy-bugfix-review-90250c41a43a) | [satya0x](https://twitter.com/satya0x) |
| 6M | Critical | [Aurora](https://medium.com/immunefi/aurora-infinite-spend-bugfix-review-6m-payout-e635d24273d) | [pwning.eth](https://twitter.com/PwningEth) |
| 2M | Critical | [Optimism](https://medium.com/immunefi/optimism-infinite-money-duplication-bugfix-review-daa6597146a0) | [saurik](https://twitter.com/saurik) |
| 1M+50k | Critical | [Moonbeam](https://pwning.mirror.xyz/okyEG4lahAuR81IMabYL5aUdvAsZ8cRCbYBXh8RHFuE) | [pwning.eth](https://twitter.com/PwningEth) |
| 1M | Critical | [Polkadot Frontier EVM](https://pwning.mirror.xyz/RFNTSouIIlHVNmTNDThUVb1obIeN5c1LAiQuN9Ve-ok) | [pwning.eth](https://twitter.com/PwningEth) |
| 200k | Critical | [Interlay](https://pwning.mirror.xyz/jlT8OgtwN3mQf3KdYmXdcSXbE4s95JzT3eR3wxiLmpw) | [pwning.eth](https://twitter.com/PwningEth) |
| 250k | Critical | [Sherlock Yield Strategy](https://mirror.xyz/0xE400820f3D60d77a3EC8018d44366ed0d334f93C/LOZF1YBcH1eBdxlC6HP223cAMeTpNgQ-Kc4EjQuxmGA) | [GothicShanon89238](https://twitter.com/Shanon40439853) |
| 1M+50K | Critical | [Belt](https://medium.com/immunefi/belt-finance-logic-error-bug-fix-postmortem-39308a158291) | [Bobface](https://twitter.com/bobface16) |
| 800K | Critical | [Fei](https://medium.com/immunefi/fei-protocol-flashloan-vulnerability-postmortem-7c5dc001affb) | [Bobface](https://twitter.com/bobface16) |
| 400 ETH | Critical | [Arbitrum](https://medium.com/@0xriptide/hackers-in-arbitrums-inbox-ca23272641a2) | [riptide](https://twitter.com/0xriptide) |
| 50 ETH | Critical | [Balancer](https://mirror.xyz/0x2719F6Dfb85086F87319079cC2f7EeFD0e40994D/NWDf5uW1Ve7-TrcPKwmM86xp8ploMSCRGC58A-NSoFY) | [riptide](https://twitter.com/0xriptide) |
| Unpaid (out of scope) | - | [LEVEL Finance](https://twitter.com/0xriptide/status/1658708383535333380) | [riptide](https://twitter.com/0xriptide) |
| ~182K | Critical | [BeanStalk](https://medium.com/immunefi/beanstalk-logic-error-bugfix-review-4fea17478716) | - |
| 50K | Critical | [Sense](https://medium.com/immunefi/sense-finance-access-control-issue-bugfix-review-32e0c806b1a0) | [alephv.eth](https://twitter.com/alpeh_v) |
| 50k | Critical | [Fluidity](https://www.trust-security.xyz/post/breaking-fluidity-for-glory-and-50k) | [Trust](https://twitter.com/trust__90) |
| 20k | Critical | [Oasis](https://www.trust-security.xyz/post/taking-home-a-20k-bounty-with-oasis-platform-shutdown-vulnerability) | [Trust](https://twitter.com/trust__90) |
| 2k | Critical | [Fringe.fi](https://www.trust-security.xyz/post/diving-deep-into-a-critical-protocol-insolvency-bug-in-fringe-fi-lending-platform) | [Trust](https://twitter.com/trust__90) |
| 5K | Critical | [O3](https://www.trust-security.xyz/post/critical-finding-stealing-tokens-from-o3-bridge-users) | [Trust](https://twitter.com/trust__90), [0xDjango](https://twitter.com/0xDjangoOnChain) |
| Unpaid | Medium | [Morpho](https://www.trust-security.xyz/post/med-morpho-finance-logic-contract-can-be-destroyed-via-controlled-delegatecall) | [Trust](https://twitter.com/trust__90) |
| Unpaid | Critical | [Compound](https://www.trust-security.xyz/post/crit-compound-liquidators-may-seize-assets-not-held-as-collateral-closed-as-known-issue) | [Trust](https://twitter.com/trust__90) |
| - | High | [ANKR/Stader](https://www.trust-security.xyz/post/high-ankr-stader-reward-distribution-is-vulnerable-to-mev-leading-to-theft-of-reward-won-t-fix) | [Trust](https://twitter.com/trust__90) |
| Unpaid | High | [Iron Bank](https://www.trust-security.xyz/post/high-iron-bank-liquidator-is-not-credited-with-correct-collateral-amount) | [Trust](https://twitter.com/trust__90) |
| Unpaid | High | [Iron Bank](https://www.trust-security.xyz/post/high-iron-bank-collateral-cap-is-not-enforced-at-account-initialization) | [Trust](https://twitter.com/trust__90) |
| - | Low | [ANKR](https://www.trust-security.xyz/post/low-ankr-user-gets-more-gas-than-supposed-to-when-distributing-rewards) | [Trust](https://twitter.com/trust__90) |
| Unpaid | Critical | [Brahma](https://www.trust-security.xyz/post/crit-brahma-fi-fee-collection-does-not-take-previous-losses-into-account) | [Trust](https://twitter.com/trust__90) |
| Unpaid | Critical | [Brahma](https://www.trust-security.xyz/post/crit-brahma-fi-l2-position-handler-miscalculates-position-value-leading-to-severe-risks) | [Trust](https://twitter.com/trust__90) |
| Unpaid | Medium | [Brahma](https://www.trust-security.xyz/post/med-brahma-fi-curve-miscalculations-may-cause-user-withdraws-to-fail) | [Trust](https://twitter.com/trust__90) |
| Unpaid | Critical | [Oasis](https://www.trust-security.xyz/post/the-story-of-the-0-day-crit-that-wasn-t) | [Trust](https://twitter.com/trust__90) |
| Unpaid | - | [Tokemak](https://www.trust-security.xyz/post/tokemak-liquidity-operator-can-steal-funds) | [Trust](https://twitter.com/trust__90) |
| 20k | High | [Thena](https://zzykxx.com/2023/02/02/the-bug-that-codearena-missed-,-twice/) | [zzykxx](https://twitter.com/zzykxx) |
| 28k | Critical | [Alchemist](https://dacian.me/28k-bounty-admin-brick-forced-revert) | [Dacian](https://twitter.com/DevDacian) |
| 1k | Low | [Warden Swap](https://github.com/TradMod/Security-Audits/blob/main/Bug%20Bounty/WardenSwapBugReport.md) | [ABDul Rehman](https://x.com/TheTradMod) |
| Unpaid | Critical | [Hourglass (old version)](https://github.com/TradMod/Security-Audits/blob/main/Bug%20Bounty/HourglassBugReport.md) | [ABDul Rehman](https://x.com/TheTradMod) |
| 20K | High | [Thena](https://zzykxx.com/2023/02/27/a-very-helpful-sign/) | [zzykxx](https://twitter.com/zzykxx) |
| Unpaid | Critical | [Angle](https://medium.com/@deliriusz/stealing-in-motion-immunefi-bounty-hunting-from-different-angle-5eb03602f5c1) | [deliriusz.eth](https://twitter.com/deliriusz_eth) |
| 44.8 ETH | Critical | [Tranchess](https://www.kalos.xyz/blog/tranchess-liquid-staking-deposit-firstrun-vulnerability-analysis) | [Jade](https://twitter.com/windowhan) |
| 2.5k | Low | [Hyperlane](https://github.com/0xRajkumar/audits/blob/main/Immunefi/README.md#wrong-use-of-assembly-builtin-function) | [0xRajkumar](https://twitter.com/0xRajkumar) |
| 5k | Medium | [Ocean](https://mirror.xyz/chiefdestroyer.eth/Xd08Mseb33gbyo-9py9old7ejYz6sVxOsle6v-1RRmc) | [Shanmuga Bharathi. N](https://twitter.com/ch13fd357r0y3r) |
| 1K | Critical | [Betverse](https://mirror.xyz/chiefdestroyer.eth/iB31aKROKdXZG1MiZjoOdbAq-jzEz_PgVrUKUnA_ILg) | [Shanmuga Bharathi. N](https://twitter.com/ch13fd357r0y3r) |
| 40K | High | [Cronos](https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570) | [zb3](https://github.com/zb3) |
| 180K+450K | Critical | [Port](https://medium.com/immunefi/port-finance-logic-error-bugfix-review-29767aced446) | [nojob](https://twitter.com/nojob_capital) |
| 42K | Critical | [88mph](https://medium.com/immunefi/88mph-function-initialization-bug-fix-postmortem-c3a2282894d3) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| 25k | High | [Ondo](https://iosiro.com/blog/high-risk-vulnerability-disclosed-to-ondo-finance) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| 7.5K | High | [Alchemix](https://medium.com/immunefi/alchemix-access-control-bug-fix-debrief-a13d39b9f2e0) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| - | Critical | [pxMythics](https://ashiq.co.za/tabs/research/#-critical-vulnerability-disclosed-to-pxmythics) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| - | Critical | [abwagmi](https://ashiq.co.za/tabs/research/#-critical-vulnerability-disclosed-to-abwagmi) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| - | Critical | [Polygon](https://ashiq.co.za/tabs/research/#-critical-vulnerability-disclosed-to-polygon) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| - | Critical | [OpenZeppelin](https://ashiq.co.za/tabs/research/#%EF%B8%8F-critical-vulnerability-disclosed-to-four-definft-projects-and-escalated-to-openzeppelin) | [Ashiq Amien](https://twitter.com/AshiqAmien) |
| 5K | High | [Charged Particles](https://medium.com/immunefi/charged-particles-griefing-bug-fix-postmortem-d2791e49a66b) | [janbro.eth](https://twitter.com/unsafe_call) |
| 10K | Critical | [Mt Pelerin](https://medium.com/immunefi/mt-pelerin-double-transaction-bugfix-review-503838db3d70) | - |
| 150K | Critical | [Synthetix](https://medium.com/immunefi/synthetix-logic-error-bugfix-review-40da0ead5f4f) | thunderdeep14 |
| 560k | Critical | [Redacted Cartel](https://medium.com/immunefi/redacted-cartel-custom-approval-logic-bugfix-review-9b2d039ca2c5) | [Tommaso Pifferi](https://twitter.com/neslinesli93) |
| 100K | Critical | [APWine](https://medium.com/immunefi/apwine-incorrect-check-of-delegations-bugfix-review-7e401a49c04f) | setuid0 |
| 19K | Critical | [Enzyme](https://medium.com/immunefi/enzyme-finance-price-oracle-manipulation-bug-fix-postmortem-4e1f3d4201b5) | setuid0 |
| 1M+100k note | Critical | [Notional](https://medium.com/immunefi/notional-double-counting-free-collateral-bugfix-review-28b634903934) | [0x60511e57](https://twitter.com/0x60511e57) |
| 4.5K | Critical | [Bitswift](https://medium.com/immunefi/bitswift-unlimited-mint-bugfix-postmortem-147a1e57dca9) | - |
| 75K | High | [Polygon](https://medium.com/immunefi/polygon-consensus-bypass-bugfix-review-7076ce5047fe) | [Niv Yehezkel](https://twitter.com/invlpgtbl) |
| 500 | Critical | [dHEDGE](https://mirror.xyz/0x6746Cae57DA75D77137f7749582f511B4d9f866c/fU6YVrXulTL5z5qMraVTDJmnUiPP8NH17XGzDJLvq1k) | [Quantish](https://mirror.xyz/0x6746Cae57DA75D77137f7749582f511B4d9f866c) |
| - | Critical | [Multichain (formerly Anyswap)](https://medium.com/@gr_gred/how-i-found-2-bugs-after-2-audits-on-smart-contracts-with-20-mil-3a23209b463d) | [Vladislav Yaroshuk](https://medium.com/@gr_gred) |
| 60K | Critical | [Mushrooms](https://medium.com/immunefi/mushrooms-finance-logic-error-bug-fix-postmortem-780122821621) | [CKK Sec](https://twitter.com/ckksec) |
| 25K | Critical | [Zapper](https://medium.com/immunefi/zapper-arbitrary-call-data-bug-fix-postmortem-d75a4a076ae9) | [Lucash-dev](https://twitter.com/lucash_dev) |
| 25K | Critical | [Tidal](https://medium.com/immunefi/tidal-finance-logic-error-bug-fix-postmortem-3607d8b7ed1f) | [csanuragjain](https://twitter.com/csanuragjain) |
| 5K | Medium | [xDai](https://medium.com/immunefi/xdai-stake-arbitrary-call-method-bug-postmortem-f80a90ac56e3) | 0xadee028d |
| 1k | Low | [IPOR](https://twitter.com/HollaWaldfee100/status/1656992468867465222) | [HollaWaldfee](https://twitter.com/HollaWaldfee100) |
| 400K | Critical | [Enzyme](https://medium.com/immunefi/enzyme-finance-missing-privilege-check-bugfix-review-ddb5e87b8058) | [rootrescue](https://twitter.com/rootedrescue) |
| - | Medium | [Polygon zkEVM](https://twitter.com/0xiczc/status/1662090451493740545) | [iczc](https://twitter.com/0xiczc) |
| 800+800 | - | [Lybra Finance](https://medium.com/@smaul_1/enhancing-protocol-integrity-addressing-bugs-in-the-lybra-finance-contract-21c1e4b68387) | [Soumen Jana](https://twitter.com/smaul_1) |
| - | Critical | [Spartan](https://github.com/gogotheauditor/audits/blob/main/reports/Spartan-Immunefi-Bug-Bounty.md) | [gogo](https://twitter.com/gogotheauditor) |
| 100k | Critical | [DFX Finance](https://medium.com/immunefi/dfx-finance-rounding-error-bugfix-review-17ba5ffb4114) | perseverance |
| - | - | [Perennial](https://mirror.xyz/0x9D6b7f5e8d1b9dFea8dDD29c0DbD81687e721601/mm_D_HrqfntAkGM1DvVQvy1WuPbj99pKYfRp-xDbs8U) | [Zach Obront](https://twitter.com/zachobront) |
| 100k | Critical | [Silo](https://twitter.com/kankodu/status/1669833829203476480) | [kankodu](https://twitter.com/kankodu) |
| 50K | Critical | [Q Blockchain](https://medium.com/@blockian/striking-gold-at-30-000-feet-uncovering-a-critical-vulnerability-in-q-blockchain-for-50-000-ab335042147b) | [Blockian](https://twitter.com/_blockian) |
| - | - | [Astroport](https://defihacklabs.substack.com/p/chainlight-patch-thursday-astroports?utm_source=profile&utm_medium=reader2) | [ChainLight](https://twitter.com/chainlight_io) |
| 50K | Critical | [BendDAO](https://medium.com/@BendDAO/sewer-pass-flash-claim-vulnerability-9d2b0b1e09ef) | - |
| - | Medium | [OpenZeppelin](https://twitter.com/0xDACA/status/1669846430528286722) | [Daniel Cohen Hillel](https://twitter.com/0xDACA) |
| - | Critical | [Eco](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/Hhs0AGFqqemCljNa49AnYVUTrLPCvdyPtd23k4iwQ_M) | [merkle_bonsai](https://twitter.com/merkle_bonsai) |
| - | - | [Bifrost Finance](https://medium.com/@thiagoweb3/arrays-as-input-in-smart-contracts-things-you-should-know-b1eed7a2d17d) | [Matue](https://twitter.com/auditorweb3) |
| 2k | - | [-](https://medium.com/@sudout92/exploiting-signature-verification-vulnerabilities-in-smart-contracts-f4eb64cd3b23) | [Heuss](https://twitter.com/UnoHeuss) |
| Unpaid (duplicate) | Critical | [-](https://medium.com/@Heuss/critical-nft-bridge-vulnerability-potential-theft-of-deposited-nfts-f5b26a7776eb) | [Heuss](https://twitter.com/UnoHeuss) |
| 95K | Critical | [Yield Protocol](https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50) | [Paludo0x](https://twitter.com/PaludoX0) |
| 500 | Critical | [O3 Swap](https://medium.com/@Heuss/unprotected-swap-function-a-erc777-reentrancy-vulnerability-81aaeaa75a2a) | [Heuss](https://twitter.com/UnoHeuss) |
| 20K | High | [-](https://mirror.xyz/0xa270bb1241FF428927406e5Fde47e7EA8592aFb1/cf1QndLvVDnaSU38EtyFppYKMgF5ZDi0E6Olcsh-GSI) | [Driver](https://twitter.com/qwerty6875987) |
| 10k | 2 x Medium | [DFX Finance](https://www.beirao.xyz/blog/BB1-DFX) | [Beirao](https://twitter.com/0xBeirao) |
| - | Critical | [Beluga Protocol](https://github.com/MiloTruck/audits/blob/main/immunefi/beluga-C-01.md) | [MiloTruck](https://twitter.com/milotruck) |
| - | Informational | [GYSR](https://github.com/MiloTruck/audits/blob/main/immunefi/gysr-I-01.md) | [MiloTruck](https://twitter.com/milotruck) |
| 20K | Critical | [Optimism](https://www.iosiro.com/blog/optimism-censorship-bug-disclosure) | [iosiro](https://twitter.com/iosiro_security) |
| - | Critical | [Threshold Network](https://blog.threshold.network/retro-l2-wormholegateway-crit/) | - |
| 1M | Critical | [Balancer](https://medium.com/immunefi/balancer-rounding-error-bugfix-review-cbf69482ee3d) | [GothicShanon89238](https://twitter.com/Shanon40439853) |
| - | - | [RAI](https://mirror.xyz/vnmrtz.eth/WXm4QJFInoB992czPniFbQyAkGUkdoaSd5zEjK5uRIo) | [vnmrtz.eth](https://twitter.com/vn_martinez_) |
| 5k | Critical | [Lybra Finance](https://twitter.com/Guhu95/status/1722533559943287251) | [guhu](https://twitter.com/Guhu95) |
| 30k | Critical | [Perpetual Protocol](https://securitybandit.com/2023/02/07/bad-debt-attack-for-perpetual-protocol/) | [banditx0x](https://twitter.com/banditx0x) |
| - | None | [Ocean Protocol](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/GgAUn8pLDqMdM4s0FWZTd5XPHJWrRmLBqbLFxbPOdbo) | [merkle_bonsai](https://twitter.com/merkle_bonsai/) |
| - | Critical | [Ocean Protocol](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/pZBMxr2Kd2YYUO9lpgN8Xf0Lc_HM7q5G5iIwa7GrUhM) | [merkle_bonsai](https://twitter.com/merkle_bonsai/) |
| - | Critical | [Talent Protocol](https://mirror.xyz/0xCf39521413F8De389771e35bB4C77b4bb827b7B3/HdSq7TVvk-s7DzQgN3u0pV8UFiVkaDft18HgmePTag4) | [okkothejawa](https://twitter.com/okkothejawa), [𝗌𝗂𝗀𝗁](https://twitter.com/sigh242) |
| 50K | Critical | [zkSync Era](https://medium.com/chainlight/uncovering-a-zk-evm-soundness-bug-in-zksync-era-f3bc1b2a66d8) | [ChainLight](https://twitter.com/chainlight_io/) |
| 200K | Critical | [Tranchess](https://github.com/floranguyen0/tranchess-vulnerability-disclosure) | [Flora](https://twitter.com/chainSiren) |
| - | High | [Retro+Thena+`Unknown protocol`](https://github.com/deadrosesxyz/BugWriteups/blob/main/RetroThenaX.md) | [deadrosesxyz](https://twitter.com/deadrosesxyz) |
| 50K | Critical | [Astar](https://www.zellic.io/blog/finding-a-critical-vulnerability-in-astar/) | [Zellic](https://twitter.com/zellic_io) |
| - | 2 x Medium | [Cronos Gravity Bridge](https://faith2dxy.xyz/2023-12-12/cronos-gravity-bridge-bugs/) | [Faith](https://twitter.com/farazsth98) |
| - | Low | [Nomad](https://nikitastupin.com/blog/2023/04/15/not-is-not-iszero.html) | [Nikita Stupin](https://twitter.com/_nikitastupin) |
| 1.1M | Critical | [Beanstalk](https://medium.com/immunefi/beanstalk-insufficient-input-validation-bugfix-review-fc3fdbaab15b) | nicole |
| 50k (total) | Medium | [100+ projects](https://www.trust-security.xyz/post/permission-denied) | [Trust Security](https://www.trust-security.xyz/team) |
| 200k | Critical | [Oasys](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/a6HqOCOjJ10Bosyi0cGz6Lxff8t68Uo4YvFsVg2tHaw) | [merkle_bonsai](https://twitter.com/merkle_bonsai/) |
| - | High/Medium | [15+ projects](https://mirror.xyz/curiousapple.eth/pFqAdW2LiJ-6S4sg_u1z08k4vK6BCJ33LcyXpnNb8yU) | [curiousapple](https://twitter.com/0xcuriousapple) |
| 200k | Critical | [zkSync Lite](https://medium.com/immunefi/zksync-insufficient-proof-verification-bugfix-review-dcd57944d0e2) | [LonelySloth](https://twitter.com/lonelysloth_sec) |
| - | Critical | [Polygon PoS](https://www.asymmetric.re/blog/polygon-log-confusion) | [Barracuda3172](https://twitter.com/asymmetric_re) |
| ~76K | Critical | [Stacks](https://medium.com/immunefi/stacks-dos-bugfix-review-dc0f2a75b276) | [Catchme](https://twitter.com/ma1fan) |
| Unpaid | 2 x High | [Stargate](https://www.trust-security.xyz/post/learning-by-breaking-a-layerzero-case-study-part-2) | [Trust Security](https://www.trust-security.xyz/team) |
| 5K | Low | [LayerZero](https://www.trust-security.xyz/post/learning-by-breaking-a-layerzero-case-study-part-3) | [Trust Security](https://www.trust-security.xyz/team) |
| - | Critical | [Deri](https://mirror.xyz/0x2719F6Dfb85086F87319079cC2f7EeFD0e40994D/HVfC1Q3ZnOhMpMir1dDMW_e0aXDkcOKsUf30dNbAumA) | [riptide](https://twitter.com/0xriptide) |
| - | Critical | [Polygon zkEVM](https://blog.verichains.io/p/discovering-and-fixing-a-critical) | [Verichains](https://twitter.com/Verichains) |
| 1.6K | Critical | [Cronos](https://gist.github.com/fatherGoose1/690fa2d8245488b6750b67a0fdeb34bc) | [0xDjango](https://twitter.com/0xDjangoOnChain) |
| 290,497 | High + Critical | [The Graph](https://medium.com/immunefi/the-graph-rounding-error-bugfix-review-c946ff470f65) | [GregadETH](https://x.com/Gregadeth) |
| 2M+75k | 2 x Critical | [Sei Network](https://usmannkhan.com/bug%20reports/2024/06/17/sei-bug-report.html) | [usmannk](https://x.com/usmannk) |
| 15k | Medium | [Sovryn](https://x.com/gandu_whitehat/status/1803794103248806223) | [gandu](https://x.com/gandu_whitehat) |
| 505k | Critical | [Raydium](https://medium.com/immunefi/raydium-tick-manipulation-bugfix-review-c6aae4527ed6) | [riproprip](https://x.com/riproprip) |
| 75k | Critical | [Sei Network](https://exvul.com/share-the-details-sei-protocol-vulnerability-worth-75k/) | [Catchme](https://x.com/ma1fan) |
| - | Misc | [-](https://github.com/devNamedKiki/Audits?tab=readme-ov-file#bug-bounties) | [Kiki](https://x.com/Kiki_developer) |
| 150k | Critical | [Evmos](https://medium.com/@jjordanjjordan/150-000-evmos-vulnerability-through-reading-documentation-d26328590a7a) | [jayjonah.eth](https://x.com/jayjonah_eth) |
| 50k | High | [Wormhole](https://x.com/marcotnunes/status/1889707212450234629) | [Marco Nunes](https://x.com/marcotnunes) |
| 250k | Critical | [Balancer V2](https://mirror.xyz/0x38F1416B9Ed3a5DA9C12c56cb4F74D9564844728/iv9_q74rSlK7gbvbJAECuDIbzfUtrSCO6mSWIHPskKI) | [kankodu](https://x.com/kankodu) |
| 50k | Critical | [Axelar Network](https://marcotnunes.com/axelar-network-cross-chain-halt-vulnerability/) | [Marco Nunes](https://x.com/marcotnunes) |
| - | High | [Vesu](https://x.com/kankodu/status/1904821401510699389) | [kankodu](https://x.com/kankodu) |
| 70k | Critical | [Acala](https://immunefi.com/blog/all/acala-block-production-shutdown-bug-fix-review/) | [Lastc0de](https://x.com/thel4stc0de) |
| 1k | Critical | [Scroll](https://x.com/shabarkin/status/1917483039195816213) | [Pavel Shabarkin](https://x.com/shabarkin) |
| 1M | Critical | [Scroll](https://forum.scroll.io/t/report-scroll-mainnet-emergency-upgrade-on-2025-04-25/666#p-1404-issue-2-message-spoofing-in-the-bridge-4) | [WhiteHatMage](https://x.com/WhiteHatMage) |
| - | Critical | [Vesu](https://docs.vesu.xyz/security/disclosures-report/rounding-convention-bug-disclosure) | [Alex](https://x.com/__alexxander_) |
| - | High | [Across V3](https://mirror.xyz/0x9D6b7f5e8d1b9dFea8dDD29c0DbD81687e721601/mrt70ckjaZymv9keUy_TzHVIzjBOQr-Hx_KI1ydFeoQ) | [Zach Obront](https://x.com/zachobront) & [deadrosesxyz](https://x.com/deadrosesxyz) |
| 50k | Critical | [VeChainThor](https://immunefi.com/blog/all/vechainthor-vtho-accrual-bypass-bug-fix-review/) | [nnez](https://x.com/__nnez) |
| - | High | [Fraxlend](https://mirror.xyz/0x22ce3c4ce1EC532437209efA79d05CD294651ec3/M6vD6XshTuZc53DFm0chQwYD15fxQ29G1mbxNi9ZLwU) | [Juan](https://x.com/0xjuaan) & [Spearmint](https://x.com/0xSpearmint) |
| 100k | Critical | [Story](https://www.story.foundation/blog/story-network-postmortem) | [WhiteHatMage](https://x.com/WhiteHatMage) |
| - | Critical | [Story](https://www.story.foundation/blog/story-network-postmortem) | [Jiri123](https://x.com/Jiri123_eth) |
| 6.71k | Critical | [Movement Labs](https://medium.com/@yemresaritoprak/permanent-chain-split-in-movement-full-node-anatomy-of-a-6-710-critical-vulnerability-that-fa75fe66a0c7) | [Yunus Emre Sarıtoprak](https://x.com/yemresaritoprak) |
| - | High | [Lido](https://research.lido.fi/t/security-disclosure-dg-weakness-reported-through-immunefi-funds-not-at-risk/10393) | [riptide](https://twitter.com/0xriptide) |
| 50k | High | [Sui](https://immunefi.com/blog/bug-fix-reviews/sui-network-shutdown/) | F4lt |
| - | Critical | [marginfi](https://blog.asymmetric.re/threat-contained-marginfi-flash-loan-vulnerability/) | [Felix Wilhelm](https://x.com/_fel1x) |
| Unpaid | Critical | [RAI](https://www.trust-security.xyz/post/returndata-bombing-rai-s-liquidation-engine-a-critical-bug-worth-0) | [Trust Security](https://www.trust-security.xyz/team) |
| - | High | [dHEDGE](https://x.com/s4muraii77/status/2012140371938070888) | [samuraii77](https://x.com/s4muraii77) |
| 200k | Critical | [zkSync Lite](https://x.com/Ehsan1579/status/2013482485175226811) | [Ehsan](https://x.com/Ehsan1579) |
| - | Critical | [Gnosis](https://x.com/therealgregoAI/status/2030923482159059433) | [GregoAI](https://x.com/therealgregoAI) |
| - | Critical | [Gnosis](https://x.com/therealgregoAI/status/2029144265800970664) | [GregoAI](https://x.com/therealgregoAI) |
| - | Low | [Uniswap](https://x.com/therealgregoAI/status/2044063044032995489) | [GregoAI](https://x.com/therealgregoAI) |
| - | Critical | [Yearn](https://x.com/therealgregoAI/status/2028445384461205770) | [GregoAI](https://x.com/therealgregoAI) |
| - | Critical | [Reserve](https://x.com/reserveprotocol/status/2027121090343174359) | [GregoAI](https://x.com/therealgregoAI) |
| - | Low | [Uniswap](https://x.com/therealgregoAI/status/2025848523724312609) | [GregoAI](https://x.com/therealgregoAI) |
| - | Critical | [Balancer](https://x.com/therealgregoAI/status/2013922384219177085) | [GregoAI](https://x.com/therealgregoAI) |
| 50K | Critical | [Injective](https://x.com/al_f4lc0n/status/2033110168045568434) | [f4lc0n](https://x.com/al_f4lc0n) |
[Q Blockchain](https://medium.com/@blockian/striking-gold-at-30-000-feet-uncovering-a-critical-vulnerability-in-q-blockchain-for-50-000-ab335042147b) | [Blockian](https://twitter.com/_blockian) | | - | - | [Astroport](https://defihacklabs.substack.com/p/chainlight-patch-thursday-astroports?utm_source=profile&utm_medium=reader2) | [ChainLight](https://twitter.com/chainlight_io) | | 50K | 严重 | [BendDAO](https://medium.com/@BendDAO/sewer-pass-flash-claim-vulnerability-9d2b0b1e09ef) | - | | - | 中等 | [OpenZeppelin](https://twitter.com/0xDACA/status/1669846430528286722) | [Daniel Cohen Hillel](https://twitter.com/0xDACA) | | - | 严重 | [Eco](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/Hhs0AGFqqemCljNa49AnYVUTrLPCvdyPtd23k4iwQ_M) | [merkle_bonsai](https://twitter.com/merkle_bonsai) | | - | - | [Bifrost Finance](https://medium.com/@thiagoweb3/arrays-as-input-in-smart-contracts-things-you-should-know-b1eed7a2d17d) | [Matue](https://twitter.com/auditorweb3) | | 2k | - | [-](https://medium.com/@sudout92/exploiting-signature-verification-vulnerabilities-in-smart-contracts-f4eb64cd3b23) | [Heuss](https://twitter.com/UnoHeuss) | | 未支付(重复) | 严重 | [-](https://medium.com/@Heuss/critical-nft-bridge-vulnerability-potential-theft-of-deposited-nfts-f5b26a7776eb) | [Heuss](https://twitter.com/UnoHeuss) | | 95K | 严重 | [Yield Protocol](https://medium.com/immunefi/yield-protocol-logic-error-bugfix-review-7b86741e6f50) | [Paludo0x](https://twitter.com/PaludoX0) | | 500 | 严重 | [O3 Swap](https://medium.com/@Heuss/unprotected-swap-function-a-erc777-reentrancy-vulnerability-81aaeaa75a2a) | [Heuss](https://twitter.com/UnoHeuss) | | 20K | 高 | [-](https://mirror.xyz/0xa270bb1241FF428927406e5Fde47e7EA8592aFb1/cf1QndLvVDnaSU38EtyFppYKMgF5ZDi0E6Olcsh-GSI) | [Driver](https://twitter.com/qwerty6875987) | | 10k | 2 x 中等 | [DFX Finance](https://www.beirao.xyz/blog/BB1-DFX) | [Beirao](https://twitter.com/0xBeirao) | | - | 严重 | [Beluga 
Protocol](https://github.com/MiloTruck/audits/blob/main/immunefi/beluga-C-01.md) | [MiloTruck](https://twitter.com/milotruck) | | - | 信息性 | [GYSR](https://github.com/MiloTruck/audits/blob/main/immunefi/gysr-I-01.md) | [MiloTruck](https://twitter.com/milotruck) | | 20K | 严重 | [Optimism](https://www.iosiro.com/blog/optimism-censorship-bug-disclosure) | [iosiro](https://twitter.com/iosiro_security) | | - | 严重 | [Threshold Network](https://blog.threshold.network/retro-l2-wormholegateway-crit/) | -| | 1M | 严重 | [Balancer](https://medium.com/immunefi/balancer-rounding-error-bugfix-review-cbf69482ee3d) | [GothicShanon89238](https://twitter.com/Shanon40439853)| | - | - | [RAI](https://mirror.xyz/vnmrtz.eth/WXm4QJFInoB992czPniFbQyAkGUkdoaSd5zEjK5uRIo) | [vnmrtz.eth](https://twitter.com/vn_martinez_)| | 5k | 严重 | [Lybra Finance](https://twitter.com/Guhu95/status/1722533559943287251) | [guhu](https://twitter.com/Guhu95)| | 30k | 严重 | [Perpetual Protocol](https://securitybandit.com/2023/02/07/bad-debt-attack-for-perpetual-protocol/) | [banditx0x](https://twitter.com/banditx0x)| | - | 无 | [Ocean Protocol](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/GgAUn8pLDqMdM4s0FWZTd5XPHJWrRmLBqbLFxbPOdbo) | [merkle_bonsai](https://twitter.com/merkle_bonsai/)| | - | 严重 | [Ocean Protocol](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/pZBMxr2Kd2YYUO9lpgN8Xf0Lc_HM7q5G5iIwa7GrUhM) | [merkle_bonsai](https://twitter.com/merkle_bonsai/)| | - | 严重 | [Talent Protocol](https://mirror.xyz/0xCf39521413F8De389771e35bB4C77b4bb827b7B3/HdSq7TVvk-s7DzQgN3u0pV8UFiVkaDft18HgmePTag4) | [okkothejawa](https://twitter.com/okkothejawa),[𝗌𝗂𝗀𝗁](https://twitter.com/sigh242)| | 50K | 严重 | [zkSync Era](https://medium.com/chainlight/uncovering-a-zk-evm-soundness-bug-in-zksync-era-f3bc1b2a66d8) | [ChainLight](https://twitter.com/chainlight_io/)| | 200K | 严重 | [Tranchess](https://github.com/floranguyen0/tranchess-vulnerability-disclosure) | [Flora](https://twitter.com/chainSiren)| | - | 高 
| [Retro+Thena+`未知协议` ](https://github.com/deadrosesxyz/BugWriteups/blob/main/RetroThenaX.md) | [deadrosesxyz](https://twitter.com/deadrosesxyz)| | 50K | 严重 | [Astar](https://www.zellic.io/blog/finding-a-critical-vulnerability-in-astar/) | [Zellic](https://twitter.com/zellic_io)| | - | 2 x 中等 | [Cronos Gravity Bridge](https://faith2dxy.xyz/2023-12-12/cronos-gravity-bridge-bugs/) | [Faith](https://twitter.com/farazsth98)| | - | 低 | [Nomad](https://nikitastupin.com/blog/2023/04/15/not-is-not-iszero.html) | [Nikita Stupin](https://twitter.com/_nikitastupin) | | 1.1M | 严重 | [Beanstalk](https://medium.com/immunefi/beanstalk-insufficient-input-validation-bugfix-review-fc3fdbaab15b) | nicole | | 50k(总计) | 中等 | [100+个项目](https://www.trust-security.xyz/post/permission-denied) | [Trust Security](https://www.trust-security.xyz/team) | | 200k | 严重 | [Oasys](https://mirror.xyz/0x333247F2e126954ed6428e9135Ae9dE06A76BA32/a6HqOCOjJ10Bosyi0cGz6Lxff8t68Uo4YvFsVg2tHaw) | [merkle_bonsai](https://twitter.com/merkle_bonsai/) | | - | 高/中等 | [15+个项目](https://mirror.xyz/curiousapple.eth/pFqAdW2LiJ-6S4sg_u1z08k4vK6BCJ33LcyXpnNb8yU) | [curiousapple](https://twitter.com/0xcuriousapple) | | 200k | 严重 | [zkSync Lite](https://medium.com/immunefi/zksync-insufficient-proof-verification-bugfix-review-dcd57944d0e2) | [LonelySloth](https://twitter.com/lonelysloth_sec) | | - | 严重 | [Polygon PoS](https://www.asymmetric.re/blog/polygon-log-confusion) | [Barracuda3172](https://twitter.com/asymmetric_re) | | ~76K | 严重 | [Stacks](https://medium.com/immunefi/stacks-dos-bugfix-review-dc0f2a75b276) | [Catchme](https://twitter.com/ma1fan) | | 未支付 | 2 x 高 | [Stargate](https://www.trust-security.xyz/post/learning-by-breaking-a-layerzero-case-study-part-2) | [Trust Security](https://www.trust-security.xyz/team) | | 5K | 低 | [LayerZero](https://www.trust-security.xyz/post/learning-by-breaking-a-layerzero-case-study-part-3) | [Trust Security](https://www.trust-security.xyz/team) | | - | 严重 | 
[Deri](https://mirror.xyz/0x2719F6Dfb85086F87319079cC2f7EeFD0e40994D/HVfC1Q3ZnOhMpMir1dDMW_e0aXDkcOKsUf30dNbAumA) | [riptide](https://twitter.com/0xriptide) | | - | 严重 | [Polygon zkEVM](https://blog.verichains.io/p/discovering-and-fixing-a-critical) | [Verichains](https://twitter.com/Verichains) | | 1.6K | 严重 | [Cronos](https://gist.github.com/fatherGoose1/690fa2d8245488b6750b67a0fdeb34bc) | [0xDjango](https://twitter.com/0xDjangoOnChain) | | 290,497 | 高 + 严重 | [The Graph](https://medium.com/immunefi/the-graph-rounding-error-bugfix-review-c946ff470f65) | [GregadETH](https://x.com/Gregadeth) | | 2M+75k | 2 x 严重 | [Sei Network](https://usmannkhan.com/bug%20reports/2024/06/17/sei-bug-report.html) | [usmannk](https://x.com/usmannk) | | 15k | 中等 | [Sovryn](https://x.com/gandu_whitehat/status/1803794103248806223) | [gandu](https://x.com/gandu_whitehat) | | 505k | 严重 | [Raydium](https://medium.com/immunefi/raydium-tick-manipulation-bugfix-review-c6aae4527ed6) | [riproprip](https://x.com/riproprip) | | 75k | 严重 | [Sei Network](https://exvul.com/share-the-details-sei-protocol-vulnerability-worth-75k/) | [Catchme](https://x.com/ma1fan) | | - | 杂项 | [-](https://github.com/devNamedKiki/Audits?tab=readme-ov-file#bug-bounties) | [Kiki](https://x.com/Kiki_developer) | | 150k | 严重 | [Evmos](https://medium.com/@jjordanjjordan/150-000-evmos-vulnerability-through-reading-documentation-d26328590a7a) | [jayjonah.eth](https://x.com/jayjonah_eth) | | 50k | 高 | [Wormhole](https://x.com/marcotnunes/status/1889707212450234629) | [Marco Nunes](https://x.com/marcotnunes) | | 250k | 严重 | [Balancer V2](https://mirror.xyz/0x38F1416B9Ed3a5DA9C12c56cb4F74D9564844728/iv9_q74rSlK7gbvbJAECuDIbzfUtrSCO6mSWIHPskKI) | [kankodu](https://x.com/kankodu) | | 50k | 严重 | [Axelar Network](https://marcotnunes.com/axelar-network-cross-chain-halt-vulnerability/) | [Marco Nunes](https://x.com/marcotnunes) | | - | 高 | [Vesu](https://x.com/kankodu/status/1904821401510699389) | [kankodu](https://x.com/kankodu) | | 
70k | 严重 | [Acala](https://immunefi.com/blog/all/acala-block-production-shutdown-bug-fix-review/) | [Lastc0de](https://x.com/thel4stc0de) | | 1k | 严重 | [Scroll](https://x.com/shabarkin/status/1917483039195816213) | [Pavel Shabarkin](https://x.com/shabarkin) | | 1M | 严重 | [Scroll](https://forum.scroll.io/t/report-scroll-mainnet-emergency-upgrade-on-2025-04-25/666#p-1404-issue-2-message-spoofing-in-the-bridge-4) | [WhiteHatMage](https://x.com/WhiteHatMage) | | - | 严重 | [Vesu](https://docs.vesu.xyz/security/disclosures-report/rounding-convention-bug-disclosure) | [Alex](https://x.com/__alexxander_) | | - | 高 | [Across V3](https://mirror.xyz/0x9D6b7f5e8d1b9dFea8dDD29c0DbD81687e721601/mrt70ckjaZymv9keUy_TzHVIzjBOQr-Hx_KI1ydFeoQ) | [Zach Obront](https://x.com/zachobront) & [deadrosesxyz](https://x.com/deadrosesxyz) | | 50k | 严重 | [VeChainThor](https://immunefi.com/blog/all/vechainthor-vtho-accrual-bypass-bug-fix-review/) | [nnez](https://x.com/__nnez) | | - | 高 | [Fraxlend](https://mirror.xyz/0x22ce3c4ce1EC532437209efA79d05CD294651ec3/M6vD6XshTuZc53DFm0chQwYD15fxQ29G1mbxNi9ZLwU) | [Juan](https://x.com/0xjuaan) & [Spearmint](https://x.com/0xSpearmint) | | 100k | 严重 | [Story](https://www.story.foundation/blog/story-network-postmortem) | [WhiteHatMage](https://x.com/WhiteHatMage) | | - | 严重 | [Story](https://www.story.foundation/blog/story-network-postmortem) | [Jiri123](https://x.com/Jiri123_eth) | | 6.71k | 严重 | [Movement Labs](https://medium.com/@yemresaritoprak/permanent-chain-split-in-movement-full-node-anatomy-of-a-6-710-critical-vulnerability-that-fa75fe66a0c7) | [Yunus Emre Sarıtoprak](https://x.com/yemresaritoprak) | | - | 高 | [Lido](https://research.lido.fi/t/security-disclosure-dg-weakness-reported-through-immunefi-funds-not-at-risk/10393) | [riptide](https://twitter.com/0xriptide) | | 50k | 高 | [Sui](https://immunefi.com/blog/bug-fix-reviews/sui-network-shutdown/) | F4lt | | - | 严重 | 
[marginfi](https://blog.asymmetric.re/threat-contained-marginfi-flash-loan-vulnerability/) | [Felix Wilhelm](https://x.com/_fel1x) | | 未支付 | 严重 | [RAI](https://www.trust-security.xyz/post/returndata-bombing-rai-s-liquidation-engine-a-critical-bug-worth-0) | [Trust Security](https://www.trust-security.xyz/team) | | - | 高 | [dHEDGE](https://x.com/s4muraii77/status/2012140371938070888) | [samuraii77](https://x.com/s4muraii77) | | 200k | 严重 | [zkSync Lite](https://x.com/Ehsan1579/status/2013482485175226811) | [Ehsan](https://x.com/Ehsan1579) | | - | 严重 | [Gnosis](https://x.com/therealgregoAI/status/2030923482159059433) | [GregoAI](https://x.com/therealgregoAI) | | - | 严重 | [Gnosis](https://x.com/therealgregoAI/status/2029144265800970664) | [GregoAI](https://x.com/therealgregoAI) | | - | 低 | [Uniswap](https://x.com/therealgregoAI/status/2044063044032995489) | [GregoAI](https://x.com/therealgregoAI) | | - | 严重 | [Yearn](https://x.com/therealgregoAI/status/2028445384461205770) | [GregoAI](https://x.com/therealgregoAI) | | - | 严重 | [Reserve](https://x.com/reserveprotocol/status/2027121090343174359) | [GregoAI](https://x.com/therealgregoAI) | | - | 低 | [Uniswap](https://x.com/therealgregoAI/status/2025848523724312609) | [GregoAI](https://x.com/therealgregoAI) | | - | 严重 | [Balancer](https://x.com/therealgregoAI/status/2013922384219177085) | [GregoAI](https://x.com/therealgregoAI) | | 50K | 严重 | [Injective](https://x.com/al_f4lc0n/status/2033110168045568434) | [f4lc0n](https://x.com/al_f4lc0n) |