An important vulnerability on Polygon was revealed recently by a white hat hacker, and this vulnerability could have been exploited. If exploited, the vulnerability could have resulted in a huge loss of up to $850 million.
Polygon Pays Highest Ever Bug Bounty
The Polygon team acknowledged the vulnerability and assured the public that no user fund was stolen due to the vulnerability. Also, it was disclosed that a sum of $2 million was given to the Whitehat Gerhard Wagner. He was given this large bounty because he disclosed the existence of the bug responsibly.
The bounty paid to the Whitehat by Polygon is the highest ever bug bounty paid in history according to Immunefi, a DeFi bug bounty platform.
This is considered a huge win for everyone involved. Polygon had a big vulnerability exposed before it was exploited and the bug was fixed. The Whitehat Gerhard Wagner got compensated in a huge payment to the tune of $2 million. Also, the general community and users of Polygon are also safer due to the bug being fixed.
Gerhard Wagner gave a bug report earlier in the month when he reported the bug in Polygon Plasma Bridge. This is according to Immunefi which also reported that the vulnerability detected allows multiple exit from burn transactions up to 223 times. Polygon is known to allow interoperability using the Ethereum blockchain.
After getting the report from Immunefi, Polygon quickly fixed the breach in security on its platform within a week. Polygon also paid Immunefi commission for its role in ensuring the bounty program runs smoothly, this is aside from the bug bounty paid to Gerhard.
Vulnerability in Plasma Bridge
If the bug hadn’t been found and resolved, alternative exits can be created for the same burn transaction and a malicious user can then double spend on the network. Hence, a malicious user could have withdrawn a huge amount of ETH tokens by submitting a withdrawal procedure up to 223 times.
Also important is the waiting period of seven days needed before a user can get back funds into their Ethereum account. So after the seven days waiting period, someone seeking to exploit the vulnerability and has an initial deposit of $100,000 can get an extra $22.3 million for the same transaction.
The vulnerability was found only in the Plasma Bridge of Polygon, the second bridge offered by Polygon: the PoS bridge was not affected. Polygon is having a huge growth in new developers on its platform. The active developers on the platform are growing on average by over 60% every month. Also, the usage of the platform month on month has increased by over 145%.
Tokenhell produces content exposure for over 5,000 crypto companies and you can be one of them too! Contact at info@tokenhell.com if you have any questions. Cryptocurrencies are highly volatile, conduct your own research before making any investment decisions. Some of the posts on this website are guest posts or paid posts that are not written by Tokenhell authors (namely Crypto Cable , Sponsored Articles and Press Release content) and the views expressed in these types of posts do not reflect the views of this website. Tokenhell is not responsible for the content, accuracy, quality, advertising, products or any other content or banners (ad space) posted on the site. Read full terms and conditions / disclaimer.
