Two years ago I submitted a bug in Balancer V2 that let attackers create infinite token balances by front-running ERC20 deployments. I was paid $250k for this critical bug and it was made public recently.