THELOGICALINDIAN - Thanks to a white hat hackers advice Polygon has patched a analytical arrangement vulnerability that put billions of dollars at accident The white hat was paid 75000 for his casework
The bug compensation belvedere Immunefi has appear that Polygon afresh patched a “high severity” vulnerability in the network’s Proof-of-Stake arrangement that put billions of dollars at risk.
Polygon Dodges Critical Hack
Polygon, a Proof-of-Stake sidechain on Ethereum, has patched a “consensus bypass” bug that could accept resulted in billions of dollars in losses.
According to an Immunifi bug fix report appear Monday, the vulnerability, initially appear by white hat Niv Yehezkel on Jan. 15, would’ve accustomed an antagonist to bypass the network’s accord beginning and “drain all funds from the drop manager, appoint in absolute withdrawals, DoS [Denial-of-Service attack] and more.”
Yehezkel, who accustomed a $75,000 compensation from Polygon for advertisement the bug, said on Twitter today that the vulnerability put billions of dollars at risk.
According to Immunifi’s report, the vulnerability afflicted the Proof-of-Stake arrangement in Polygon’s acute arrangement on Ethereum. Notably, an antagonist would accept bare to accommodated three actual specific altitude to accomplishment the vulnerability. However, affair the belief would accept accustomed them to cesspool all tokens from the network’s drop manager.
“After this accord bypass, the antagonist can accelerate awful checkpoints that affected a abandonment of tokens from Polygon that basically drains all tokens from the drop manager, claiming all heimdall fees stored and more,” the address said.
Commenting on the abeyant severity of the exploit, Immunefi Chief Technology Officer Duncan Townsend told Crypto Briefing that “no money was at accident because the bug was not accommodating at the time of the report.” He additionally said that he anticipation the $75,000 accolade was “generous” accustomed the severity of the vulnerability.
According to abstracts from Defi Llama, Polygon holds over $4.17 billion in absolute amount bound beyond its DeFi ecosystem. It’s Ethereum’s best acclimated sidechain, captivation added amount than Layer 2 networks like Arbitrum and Optimism. Earlier this month, it aloft $450 actor in an advance annular led by the acclaimed adventure basic close Sequoia.
Polygon has dealt with several agnate aegis incidents in the past. In October, it patched a bug that could accept led to an $850 million exploit, advantageous a $2 actor compensation to the white hat that appear it. In December, a hacker blanket $1.6 actor in MATIC tokens due to addition analytical bug in the network. Polygon averted a $20 billion crisis by reacting bound to the incident.
The Polygon aggregation could not be accomplished for animadversion at columnist time. Polygon additionally autonomous adjoin administration capacity of the bug fix on its communications channels.
Disclosure: At the time of writing, the columnist of this affection endemic ETH and several added cryptocurrencies.
