Bugs showcase #1: Chaining a lack of values correlation, linear growth of attempts, and other omissions in OTP implementations to achieve 2 ATOs
This post describes two account takeover vulnerabilities w/o user interaction resulting from multiple omissions in the OTP implementations.