This repository was archived by the owner on Jul 1, 2022. It is now read-only.
This repository was archived by the owner on Jul 1, 2022. It is now read-only.
Attack vector: Vulnerability withholding #14
Description
There is a couple of these, but essentially they boil down to the following scenario:
An attacker finds a vulnerability. The Exploitable contract's bounty is connected to its balance. Assuming the contract's balance is ever growing, an attacker would be incentivized to withhold their vulnerability as they'd earn more bug bounty at a later stage.
If they see that a competing vulnerability was submitted, they could quickly front-run that one to submit theirs first.