logo

Getting started with smart contract in Bug Bounty

ID: cb35d3d8-c482-5758-9027-b24cee4688bd

STIX ID: report--cb35d3d8-c482-5758-9027-b24cee4688bd

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
65/100

Date Published: 2022-04-05

Date Updated: 2026-07-04

...
...

This guest blog post explains smart contract security fundamentals and walks through a real-world bug hunting session where an overridden ERC20 transferFrom in AxonsToken lacked proper authorization checks, allowing an attacker to move arbitrary user balances into the auctionHouse and then to an attacker-controlled address; the author demonstrates a working PoC on a Rinkeby mainnet fork and recommends enforcing sender/msg.sender checks or explicit auctionHouse authorization as the fix.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.