Polygon White Hat Awarded $75,000 to Save Billions in User Funds

Millions lost as Solana DeFi app hacked cashio suffering


Key receivers

Polygon posted a “maximum weight” that allowed the attacker to withdraw all funds from the deposit manager's contract. Nev Yezkel, who discovered and reported the error, was awarded $75,000. He tweeted that the vulnerability put billions of dollars at risk. Imunefi said the vulnerability was not exploitable at the time of the report.

Share this article

Bug bounty platform Immunefi says Polygon recently covered a “high-profile” vulnerability in its network's authentication system that put billions of dollars at risk.

Polygon Dodges Critical Uhu

Polygon, the proof-of-stake sidechain on Ethereum, has fixed a “consensus bypass” bug that could have caused billions of dollars in losses.

According to Immunifi bug fixes Report Published Monday, the vulnerability, first reported on January 15 by White Hat's Niv Yehezkel, allows an attacker to bypass the network's consensus limits and “take all funds from the deposit manager, participate in unlimited withdrawals, DoS [Denial-of-Service attack] and others.”

Yezkel, who received a $75,000 reward from Polygon for reporting the bug, said in a tweet today that the vulnerability put billions of dollars at risk.

bybit

According to Immunifi, the vulnerability affected the authentication system of Polygon's smart contract on Ethereum. Specifically, an attacker would need to meet three specific conditions to exploit the vulnerability. However, meeting the requirements will allow them to withdraw all tokens from the network's deposit manager.

“After this consensus pass, the attacker can send malicious probes denying the withdrawal of tokens from Polygon, essentially draining all tokens from the deposit manager and demanding all Himdal fees and more,” the report said.

Commenting on the severity of the exploit, Iminefi's Chief Technology Officer Duncan Townsend told Crypto Briefing that “no funds were at risk at the time of the report because the bug was not exploitable at the time of the report.” He also said he thought the $75,000 award was “generous” given the weight of the exposure.

According to data from Diffie Llama, Polygon holds more than $4.17 billion in total value locked up in the Diffie ecosystem. It is the most used sidechain of Ethereum, with more value than Layer 2 networks like Arbitrum and Optimism. Earlier this month, it raised $450 million in an investment round led by prominent venture capital firm Sequoia.

Polygon has dealt with several similar security issues in the past. In October, he approached a possible error 850 million dollars Exploitation, paying a $2 million bounty to the White Hat who revealed it. In December, a hacker stole $1.6 million in MATIC tokens due to another critical bug in the network. Polygon's quick response to the crisis averted a $20 billion crisis.

The Polygon team could not be reached for comment at press time. Polygon also chooses to share bug fix details on its communication channels.

Disclosure: At the time of writing this article, the author of this feature owns ETH and several other cryptocurrencies.

Share this article

The information on or included in this website is obtained from independent sources that we believe to be accurate and reliable, but we make no representations or warranties as to the timeliness, completeness or accuracy of any information on or accessible from this website. . Decentralized Media, Inc. Not an investment advisor. We do not provide personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may be out of date, or may be incomplete or incorrect. We may, but are not obligated to, update any outdated, incomplete or inaccurate information.

You should not make an investment decision in an ICO, IEO or other investment based on the information on this website and you should never interpret or rely on any information on this website as investment advice. If you are seeking investment advice on an ICO, IEO or other investment, we strongly recommend that you consult a licensed investment advisor or other qualified financial professional. We do not receive compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities or commodities.

See full terms and conditions.

Leave a Reply

Pin It on Pinterest