Reports in blockdev sp program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | xmlrpc.php FILE IS enabled it will used for Bruteforce attack and Denial of Service(DoS) | $500.0 |
| 2 | Earn free DAI interest (inflation) through instant CDP+DSR in one tx | $0.0 |
| 3 | Steal collateral during end process, by earning DSR interest after flow. | $0.0 |
| 4 | .git file accessible | $0.0 |
| 5 | Steal all MKR from flap during liquidation by exploiting lack of validation in flap.kick | $0.0 |
| 6 | Steal ALL collateral during liquidation by exploiting lack of validation in flip.kick | $0.0 |
| 7 | App Takeover ( makerdao.herokuapp.com ) | $0.0 |
| 8 | Two-factor authentication (2FA) Bypass | $0.0 |
| 9 | UNRESTRICTED FILE UPLOAD AT chat.makerdao.com | $0.0 |
| 10 | Wordpress users disclosure on blog.makerdao.con | $0.0 |
| 11 | xmlrpc.php FILE IS enable it will used for Bruteforce attack | $0.0 |
| 12 | DoS of https://blog.makerdao.com/ via CVE-2018-6389 | $0.0 |
| 13 | load scripts DOS vulnerability | $0.0 |
| 14 | xmlrpc.php file is enable it will used for (Denial of Service) and bruteforce attack | $0.0 |
| 15 | [blog.makerdao.com] Multiple Vulnerabilities - Leads to leakage user admin sensitive exposure | $0.0 |
| 16 | Blind SSRF at https://chat.makerdao.com/account/profile | $0.0 |
| 17 | Email HTML injection | $0.0 |
| 18 | A specially crafted value for the 'Cache-Digest' header causing crash in chat.makerdao.com | $0.0 |
| 19 | SQL Injection leads to retrieve the contents of an entire database. | $0.0 |