Polygon rewards Whitehat $75,000 for “saving” billions of dollars
Polygon, a proof-of-stake (POS) sidechain on Ethereum, recently patched a “high severity” vulnerability, reported by a whitehat hacker, that could have put billions of dollars at risk.
According to a bug fix report published by Immunefi on Monday (February 21), the vulnerability was first reported on January 15 by whitehat Niv Yehezkel and would allow a hacker to breach the network’s consensus threshold and “withdraw all funds from the deposit manager.” of service attacks) and more”.
Yehezkel, who received a $75,000 bounty from Polygon for reporting the bug, said on Twitter that this vulnerability could have caused billions of dollars in damage.
“I published a report on Polygon’s POS bridge to Ethereum, which found a consensus bypass vulnerability that put billions of dollars at risk. Many thanks to the Immunefi team and the Polygon team for their prompt response, professional work and quick patching.”
As reported by Immunefi, the vulnerability affected the POS system in the Polygon smart contract on Ethereum. An attacker would have to meet three very specific conditions to exploit it. Once those conditions were met, the attacker could withdraw all tokens from the network’s deposit manager.
Duncan Townsend, Immunefi’s Chief Technology Officer, commented on the seriousness of the potential exploit, saying there is “no monetary risk as the flaw was not exploited at the time of reporting”. He also said the $75,000 bounty was “generous” given the severity of the vulnerability.
According to data from Defi Llama, Polygon holds a total value of $4.01 billion tied to its DeFi ecosystem. It is Ethereum’s most used sidechain and has more value than Layer 2 networks like Arbitrum and Optimism. Earlier this month, the company raised $450 million in an investment round led by popular venture capital firm Sequoia.
Polygon has dealt with a number of similar security incidents in the past. A vulnerability that could have led to an $850M exploit was patched last October, with a $2M bounty paid to the whitehat who reported it. By December, a hacker had stolen $1.6 million from MATIC by exploiting another critical flaw in the network. Polygon averted a $20 billion crisis by responding quickly to the incident.