On January 15, whitehat Niv Yehezkel reported a consensus bypass vulnerability to Polygon, accompanied by a proof of concept (PoC) run on a local mainnet fork.
Yehezkel discovered a flaw in the proof of stake (PoS) system in Polygon’s smart contract on Ethereum that would have enabled an attacker to reduce total staking power, allowing a consensus (2/3) bypass that could presumably have allowed an attacker to deplete all funds from the deposit manager, engage in unlimited withdrawals, cause a denial of service (DoS), and more.
Because of the sophistication of the exploit, the bug was assigned a high severity level, and the whitehat was paid a $75,000 bounty.
Specific market circumstances would have had to be satisfied for an attacker to exploit this issue. For example, a validator position had to be available, and the financial requirements were significant (the less capital, the longer the attack takes).
The cost of directly paying miners to stay in the validator position via Flashbots was priced comparably. Furthermore, the checkpoint period for the Polygon network is every 30–45 minutes, and the attacker would have needed to keep the validator position for a long time, raising the attack costs owing to time constraints.
Patrick
Coincu News