TodayinCrypto.com


$75,000 was awarded to Polygon Whitehat for saving billions of dollars in user funds


February 21, 2022 · By MATheGooner
Polygon (MATIC)

Polygon has addressed a “high severity” vulnerability in the network’s Proof-of-Stake mechanism that put billions of dollars at risk, according to bug bounty site Immunefi.

The flaw put billions of dollars at risk, according to Niv Yehezkel, who was paid $75,000 as a whitehat for identifying the vulnerability. Immunefi, meanwhile, stated that the vulnerability was unexploitable at the time of the report.

Excited to share my research on the Polygon to Ethereum PoS bridge, in which I have found a consensus bypass vulnerability that puts billions of dollars at risk. Thank you Immunefi team and Polygon team for the rapid response, professional joint work and quick patching. https://t.co/AKT0HrbWOE

— niv (@invlpgtbl) February 21, 2022

Polygon, an Ethereum Proof-of-Stake sidechain, has fixed a “consensus bypass” flaw that might have cost billions of dollars. 

The vulnerability, first reported by whitehat Niv Yehezkel on Jan. 15, would have allowed an attacker to bypass the network’s consensus threshold and “drain all funds from the deposit manager, engage in unlimited withdrawals, DoS [Denial-of-Service attack], and more,” according to an Immunefi bug fix report published Monday.

On Twitter today, Yehezkel, who won a $75,000 prize from Polygon for discovering the issue, said the flaw put billions of dollars at risk.

According to Immunefi’s report, the flaw affects the Proof-of-Stake system in Polygon’s Ethereum smart contract. To exploit the vulnerability, an attacker would have had to meet three very specific conditions. Meeting them, however, would have allowed the attacker to drain the network’s deposit manager of all tokens.

“After this consensus bypass, the attacker can send malicious checkpoints that fake a withdrawal of tokens from Polygon that basically drains all tokens from the deposit manager, claiming all heimdall fees stored and more,” the report said.

Immunefi Chief Technology Officer Duncan Townsend told Crypto Briefing that “no money was at risk because the bug was not exploitable at the time of the report,” referencing the potential severity of the exploit. He also stated that, considering the seriousness of the vulnerability, he thought the $75,000 incentive was “generous.” 

Polygon has approximately $4.17 billion in total value locked across its DeFi ecosystem, according to data from Defi Llama. It’s Ethereum’s most popular sidechain, outperforming Layer 2 networks like Arbitrum and Optimism in terms of value. It raised $450 million earlier this month in an investment round led by Sequoia Capital, a well-known venture capital firm.

Polygon has already dealt with a number of similar security breaches. It paid a $2 million bounty to the whitehat who discovered a defect that might have led to an $850 million exploit in October. Another serious flaw in the network resulted in a hacker stealing $1.6 million in MATIC tokens in December. By responding immediately to the problem, Polygon was able to avoid a $20 billion crisis.
