MetaMask - HackerOne Reports

Bypass parsing of transaction data, users on the phishing site will transfer/approve ERC20 tokens without being alerted

Reported by: ronnyx2017 | Disclosed:

Low

Weakness: Improper Input Validation

Bounty: $1000.00

Reported by: pkkr | Disclosed:

High

Reported by: hackerontwowheels | Disclosed:

Medium

Weakness: Business Logic Errors

Reported by: renekroka | Disclosed:

High

Weakness: Cross-site Scripting (XSS) - Stored

Reported by: bug_vs_me | Disclosed:

Medium

Weakness: Authentication Bypass Using an Alternate Path or Channel

Bounty: $3500.00

Reported by: renniepak | Disclosed:

Low

Weakness: User Interface (UI) Misrepresentation of Critical Information

Reported by: renniepak | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Reflected

Reported by: pkkr | Disclosed:

High

Weakness: Improper Access Control - Generic