A white hat hacker recently revealed an important vulnerability on Polygon. Had it been exploited, the vulnerability could have resulted in a loss of up to $850 million.
Polygon Pays Highest Ever Bug Bounty
The Polygon team acknowledged the vulnerability and assured the public that no user funds were stolen because of it. It also disclosed that a sum of $2 million was paid to the whitehat, Gerhard Wagner. He received this large bounty because he disclosed the existence of the bug responsibly.
The bounty Polygon paid to the whitehat is the highest bug bounty ever paid, according to Immunefi, a DeFi bug bounty platform.
This is considered a huge win for everyone involved. Polygon had a big vulnerability exposed and fixed before it was exploited. The whitehat, Gerhard Wagner, was compensated with a payment of $2 million. The general community and users of Polygon are also safer now that the bug is fixed.
Gerhard Wagner submitted his bug report earlier in the month, when he reported the bug in the Polygon Plasma Bridge. This is according to Immunefi, which also reported that the vulnerability allowed multiple exits from burn transactions, up to 223 times. Polygon is known to allow interoperability using the Ethereum blockchain.
After getting the report from Immunefi, Polygon fixed the security flaw on its platform within a week. Polygon also paid Immunefi a commission for its role in ensuring the bounty program runs smoothly; this is separate from the bug bounty paid to Gerhard.
Vulnerability in Plasma Bridge
If the bug hadn't been found and resolved, alternative exits could have been created for the same burn transaction, and a malicious user could then have double spent on the network. Hence, a malicious user could have withdrawn a huge amount of ETH tokens by submitting a withdrawal procedure up to 223 times.
Also important is the seven-day waiting period required before a user can get funds back into their Ethereum account. After that waiting period, someone exploiting the vulnerability with an initial deposit of $100,000 could have gotten an extra $22.3 million for the same transaction.
The vulnerability was found only in the Plasma Bridge of Polygon, the second bridge offered by Polygon: the PoS bridge was not affected. Polygon is seeing huge growth in new developers on its platform. The number of active developers on the platform is growing by over 60% every month on average. Usage of the platform has also increased by over 145% month on month.