1. Ergo Platform API Vulnerability: Unbounded Inputs in /api/lp/apy Endpoint Risk APY Manipulation
A critical vulnerability in the Ergo blockchain platform's liquidity provider API allows malicious actors to manipulate displayed Annual Percentage Yield (APY) calculations. The `/api/lp/apy` endpoint, defined in `lp_routes.py`, fails to validate user-controlled query parameters `avg_bet_size` and `bets_per_block`. Thi...