Log injections are a class of bug that is often overlooked, both because it is difficult to spot during a black box engagement, and because the impact is difficult to determine.IN this case though the impact was easier to spot because the program processing the output logs was part of the same application...
A small bug in processing/validating the entries in the Merkel tree resulting in the theft of 2 million BNB ($586 Million USD at time of the original theft).
The problem starts in `remove_liquidity` where a contract can remove funds that they added. It will updated the `total_supply` and burn tokens, then in a loop for each coin it will decrement the `balances` and transfer them to the attacker's contract...
**tl;dr** Force others to pay you a fee for giving them a worthless token.
Three vulns that were discovered in Netlify's Next.js lib, which is heavily used across many cryptocurrency sites due to it's web3 support. With that context in mind, CIA (confidentiality, integrity, availability) is interesting with web3, as integrity is critical; the data coming from a trusted site needs to be trustworthy, as most users won't go digging through the blockchain to verify a particular address or transaction matches.