Polygon Dodges $850M Hack, Pays $2M Bounty

Key Takeaways:

  • Polygon has granted a $2 million reward to a white hat hacker who found a major vulnerability.

According to Immunefi, this is the highest bounty ever given in DeFi. Gerhard Wagner discovered the vulnerability in the Polygon Plasma Bridge on October 5. It allowed an attacker to exit their burn transaction from the bridge up to 223 times.

According to a post-mortem report provided by Immunefi, an attacker starting with just $100,000 could have caused a loss of $22.3 million, since the same burn transaction could be exited up to 223 times. The total amount at risk was ~$850M. The main flaw affected WithdrawManager, a function in the bridge contract that authenticates burn transactions in prior blocks in order to withdraw assets back to Ethereum.

It took the Polygon network 30 minutes to start addressing the problem. The issue was quickly fixed, and no user funds were lost.

“We congratulate Gerhard for his fantastic work and excellent report, and appreciate the swift response, subsequent fix, and a fast payout from Polygon,” said Mitchell Amador, founder of Immunefi.

“The entire issue, including the bounty payout and deploying the fix on the mainnet, has been mitigated within one week,” said the Immunefi team.

“We hope this bounty on Immunefi sets an example for other web 3.0 projects and attracts Giga brains from the white hat security research community to contribute to web 3.0 and make it more resilient from future security threats,” said Jaynti Kanani, co-founder of Polygon.

The Polygon network has completed a smart contract audit performed by cybersecurity firm Certik and currently ranks 20 on Certik’s leaderboard.

Yash Kamal Chaturvedi

Btech Computer Science, Maharshi Dayanand University, Rohtak (2023)
