Shady Oaks Finance
Daily · 4 writeupsA recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.
BugForge - Daily - Shady Oaks Finance (Jan 2, 2026)
This vulnerability is a broken access control issue caused by insecure design, where the application trusts client-supplied input to set sensitive user…
Broken Access Control Parameter Tampering Insecure Design
Posted on 2026-01-02 20:00 6 min read
BugForge - Daily - Shady Oaks Finance (Jan 9, 2026)
This challenge demonstrates a JWT (JSON Web Token) authentication bypass vulnerability caused by improper algorithm validation. The application accepts…
JWT Authentication Bypass None Algorithm Broken Authentication
Posted on 2026-01-09 20:00 4 min read
BugForge - Daily - Shady Oaks Finance (Jan 16, 2026)
Broken access control was identified where administrative endpoints were exposed without proper server-side authorization checks. By enumerating…
Broken Access Control
Posted on 2026-01-16 20:40 3 min read
BugForge - Daily - Shady Oaks Finance (Jan 23, 2026)
This challenge demonstrates a race condition vulnerability in a currency exchange endpoint where balance verification and balance deduction are not performed…
Race Condition Toctou
Posted on 2026-01-23 20:00 4 min read