mcz3n | Business Logic Errors

By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account.

Url	Type	Bounty
https://hackerone.com/reports/300748	Account Manipulation	$10000

User gets automatically logged in after clicking the password recovery link

Url	Type	Bounty
https://hackerone.com/reports/809	Improper Authentication	$300

Forgot Password functionality combind with Host Header attack

Url	Type	Bounty
https://medium.com/@deepanshudev369/interesting-story-of-an-account-takeover-vulnerability-140a45a058a3Ac	Account Takeover	$2000

By registering a new account with +1 in the email it would get another trail on the main email.

Url	Type	Bounty
https://mahmoud-khalid.medium.com/how-i-found-3-logic-bugs-2-access-control-issues-in-one-public-bb-program-9ce2cf66fdd8	Trial extension	-

By registering a new account with +1 in the email it would get another trail on the main email.

Url	Type	Bounty
https://mahmoud-khalid.medium.com/how-i-found-3-logic-bugs-2-access-control-issues-in-one-public-bb-program-9ce2cf66fdd8	Max amount bypass	-

By registering a new account with +1 in the email it would get another trail on the main email.

Url	Type	Bounty
https://mahmoud-khalid.medium.com/how-i-found-3-logic-bugs-2-access-control-issues-in-one-public-bb-program-9ce2cf66fdd8	Max amount bypass	-

What happens when you race 50+ login requests at once? Sometimes, magic.

Url	Type	Bounty
https://medium.com/@syedshorox27/25000-from-login-bypassed-mfa-using-a-race-condition-jwt-leak-6139fcc22573	Login bypass	$5000