Polygon White Hat Rewarded $75,000 for Saving Billions in User Funds

Key Takeaways

  • Polygon has patched a “high severity” bug that would have allowed an attacker to drain all the funds from the deposit manager contract.
  • Niv Yehezkel, who discovered and reported the bug, was rewarded $75,000.
  • He stated on Twitter that the vulnerability put billions of dollars at risk. Immunefi, meanwhile, said that the vulnerability was unexploitable at the time of the report.

The bug bounty platform Immunefi has revealed that Polygon recently patched a “high severity” vulnerability in the network’s Proof-of-Stake system that put billions of dollars at risk.

Polygon Dodges Critical Hack

Polygon, a Proof-of-Stake sidechain on Ethereum, has patched a “consensus bypass” bug that could have resulted in billions of dollars in losses.

According to an Immunefi bug fix report published Monday, the vulnerability, initially reported by white hat Niv Yehezkel on Jan. 15, would’ve allowed an attacker to bypass the network’s consensus threshold and “drain all funds from the deposit manager, engage in unlimited withdrawals, DoS [Denial-of-Service attack] and more.”

Yehezkel, who received a $75,000 bounty from Polygon for reporting the bug, said on Twitter today that the vulnerability put billions of dollars at risk.

According to Immunefi’s report, the vulnerability affected the Proof-of-Stake system in Polygon’s smart contract on Ethereum. Notably, an attacker would have needed to meet three very specific conditions to exploit the vulnerability. However, meeting the criteria would have allowed them to drain all tokens from the network’s deposit manager.

“After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that basically drains all tokens from the deposit manager, claiming all heimdall fees stored and more,” the report said.

Commenting on the potential severity of the exploit, Immunefi Chief Technology Officer Duncan Townsend told Crypto Briefing that “no money was at risk because the bug was not exploitable at the time of the report.” He also said that he thought the $75,000 reward was “generous”…
