Polygon Whitehat Rewarded $75,000 for Saving Billions in User Funds

Key Takeaways

  • Polygon has patched a “high severity” bug that could have allowed an attacker to drain all of the funds from the deposit manager contract.
  • Niv Yehezkel, who found and reported the bug, was rewarded $75,000.
  • He said on Twitter that the vulnerability put billions of dollars at risk. Immunefi, meanwhile, said that the vulnerability was unexploitable at the time of the report.

The bug bounty platform Immunefi has revealed that Polygon recently patched a “high severity” vulnerability in the network’s Proof-of-Stake system that put billions of dollars at risk.

Polygon Dodges Critical Hack

Polygon, a Proof-of-Stake sidechain on Ethereum, has patched a “consensus bypass” bug that could have resulted in billions of dollars in losses.

According to an Immunefi bug fix report published Monday, the vulnerability, initially reported by whitehat Niv Yehezkel on Jan. 15, would have allowed an attacker to bypass the network’s consensus threshold and “drain all funds from the deposit manager, engage in unlimited withdrawals, DoS [Denial-of-Service attack] and more.”

Yehezkel, who received a $75,000 bounty from Polygon for reporting the bug, said on Twitter today that the vulnerability put billions of dollars at risk.

According to Immunefi’s report, the vulnerability affected the Proof-of-Stake system in Polygon’s smart contract on Ethereum. Notably, an attacker would have needed to meet three very specific conditions to exploit the vulnerability. However, meeting them would have allowed the attacker to drain all tokens from the network’s deposit manager.

“After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that basically drains all tokens from the deposit manager, claiming all heimdall fees saved and more,” the report said.

Commenting on the potential severity of the exploit, Immunefi Chief Technology Officer Duncan Townsend told Crypto Briefing that “no money was at risk because the bug was not exploitable at the time of the report.” He also said that he thought the $75,000 reward was “generous” given the severity of the vulnerability.

According to data from Defi Llama, Polygon holds over $4.17 billion in total value locked across its DeFi ecosystem. It’s Ethereum’s most used sidechain, holding more value than Layer 2 networks like Arbitrum and Optimism. Earlier this month, it raised $450 million in a funding round led by the famed venture capital firm Sequoia.

Polygon has dealt with several similar security incidents in the past. In October, it patched a bug that could have led to an $850 million exploit, paying a $2 million bounty to the whitehat who disclosed it. In December, a hacker stole $1.6 million in MATIC tokens as a result of another critical bug in the network. Polygon averted a $20 billion disaster by reacting quickly to the incident.

The Polygon team could not be reached for comment at press time. Polygon also opted against sharing details of the bug fix on its communications channels.

Disclosure: At the time of writing, the author of this feature owned ETH and several other cryptocurrencies.
