Polygon Whitehat Rewarded $75,000 for Saving Billions in Consumer Funds

Key Takeaways

  • Polygon has patched a “high severity” bug that could have allowed an attacker to drain all of the funds from the deposit manager contract.
  • Niv Yehezkel, who found and reported the bug, was rewarded $75,000.
  • He acknowledged on Twitter that the vulnerability put billions of dollars at risk. Immunefi, meanwhile, said that the vulnerability was unexploitable at the time of the report.

The bug bounty platform Immunefi has revealed that Polygon recently patched a “high severity” vulnerability in the network’s Proof-of-Stake system that put billions of dollars at risk.

Polygon Dodges Critical Hack

Polygon, a Proof-of-Stake sidechain on Ethereum, has patched a “consensus bypass” bug that could have resulted in billions of dollars in losses.

According to an Immunefi bug fix report published Monday, the vulnerability, initially reported by whitehat Niv Yehezkel on Jan. 15, would have allowed an attacker to bypass the network’s consensus threshold and “drain all funds from the deposit manager, engage in unlimited withdrawals, DoS [Denial-of-Service attack] and more.”

Yehezkel, who received a $75,000 bounty from Polygon for reporting the bug, said on Twitter today that the vulnerability put billions of dollars at risk.

Excited to share my research on the Polygon to Ethereum PoS bridge, in which I’ve found a consensus bypass vulnerability that puts billions of dollars at risk. Thanks Immunefi team and Polygon team for the fast response, professional joint work and quick patching.

— niv (@invlpgtbl) February 21, 2022

According to Immunefi’s report, the vulnerability affected the Proof-of-Stake system in Polygon’s smart contract on Ethereum. Notably, an attacker would have needed to meet three very specific conditions to exploit the vulnerability. However, meeting those criteria would have allowed them to drain all tokens from the network’s deposit manager.

“After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that basically drains all tokens from the deposit manager, claiming all heimdall fees stored and more,” the report said.

Commenting on the potential severity of the exploit, Immunefi Chief Technology Officer Duncan Townsend told Crypto Briefing that “no money was at risk because the bug was not exploitable at the time of the report.” He also said that he thought the $75,000 reward was “generous” given the severity of the vulnerability.

According to data from DeFi Llama, Polygon holds over $4.17 billion in total value locked across its DeFi ecosystem. It is Ethereum’s most used sidechain, holding more value than Layer 2 networks like Arbitrum and Optimism. Earlier this month, it raised $450 million in a funding round led by the renowned venture capital firm Sequoia.

Polygon has dealt with several similar security incidents in the past. In October, it patched a bug that could have led to an $850 million exploit, paying a $2 million bounty to the whitehat who disclosed it. In December, a hacker stole $1.6 million in MATIC tokens due to another critical bug in the network. Polygon averted a $20 billion disaster by reacting quickly to the incident.

The Polygon team could not be reached for comment at press time. Polygon also opted against sharing details of the bug fix on its communications channels.

Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies.
