AttackFeed by Joe Wagner | Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking  - Full Disclosure

Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking  – Full Disclosure

Posted on By Joe-W No Comments on Raydium CP Swap: Unchecked Account Allows Creator Fee Hijacking  – Full Disclosure
Alert Feeds

 

Posted by LRKTBEYK LRKTBEYK on Dec 17

I tried to report these vulnerabilities to ImmuneFi, but they closed it
(report 62070) as “out of scope.” I believe them when they tell me
something is out of scope, so now it’s public.

https://github.com/raydium-io/raydium-cp-swap/pull/62

These vulnerabilities collectively enable fee theft, creator fee hijacking,
and potential user exploitation through uncapped fee rates. Issue #3 allows
attackers to steal all creator fees from…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Google Firebase hosting suspension / “malware distribution” bypass  – Full Disclosure
October 21, 2025
Alert Feeds
APPLE-SA-09-15-2025-12 Xcode 26  – Full Disclosure
September 16, 2025
Alert Feeds
Stored Cross-Site Scripting (XSS) – Layout Functionality – totaljsv5013  – Full Disclosure
October 28, 2025
Alert Feeds
Stored Cross-Site Scripting (XSS) via SVG File Upload – totaljsv5013  – Full Disclosure
October 28, 2025

Leave a Reply

AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.