Whitehat Hacker Identifies and Reveals Critical Bug on Polygon, Gets $2M Bounty
Polygon narrowly avoided a serious vulnerability that could have cost the network up to $850 million. Gerhard Wagner, a whitehat hacker, discovered and responsibly disclosed the flaw, sparing Polygon from potential losses. According to the Polygon team, no funds were lost as a result of the vulnerability.
Polygon announced a $2 million reward for the whitehat hacker in thanks for “responsibly revealing the flaw.” The Polygon team also thanked the DeFi bug bounty platform Immunefi for arranging the bounty.
In a tweet, Immunefi said that it “broke another record.” According to the bug bounty platform, Wagner discovered a weakness in Polygon’s Plasma bridge that, if exploited, could have caused losses for the network. The $2 million reward is the largest paid to date, the tweet said. “Everyone is safe!” Immunefi said. “It’s a win-win situation for everyone.”
Immunefi said that the whitehat reported a flaw affecting the Polygon Plasma Bridge. The flaw allowed an attacker to exit the same burn transaction from the bridge repeatedly: in total, a single burn transaction could be exited 223 times.
Essentially, the issue was a double spend against the network’s “Deposit Manager.” The Immunefi team validated the report immediately and escalated it. Polygon confirmed the bug, and its engineers were working on the underlying issue within 30 minutes. While the Polygon triage team resolved the problem, the team computed the sums at risk, which Wagner validated. Polygon then agreed to pay the maximum bounty of $2 million for the submission.
“The whitehat earned compensation of $2 million from Polygon, which is the greatest bounty ever given out in history,” Immunefi claimed. “We congratulate Gerhard on his outstanding effort and report. We’d also like to thank Polygon for the quick response and subsequent repair.”
Polygon resolved the problem within a week of receiving Immunefi’s vulnerability report. During that time the team tested the fix and deployed it to mainnet. Polygon also paid Immunefi a fee in addition to the whitehat’s bounty.
Had the flaw gone undiscovered, “a malicious user may utilize the vulnerability to construct alternate exits for the same burn transaction and commit multiple spends on the Polygon network,” according to the whitehat.
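The failure mode described above (one burn transaction exited many times, up to the 223 figure Immunefi cited) comes down to how a bridge decides whether an exit has already been processed. The toy model below is an added illustration, not Polygon's code, and it does not reproduce the actual Plasma bridge mechanics, which this article does not detail. It assumes, for the sake of illustration, that the vulnerable exit manager derives its exit identifier from the whole submission, including a submitter-controlled proof blob, so that re-encoding the proof yields a "new" exit for the same burn. The hardened variant keys exits on the burn transaction hash alone, the canonical identity of the burn, and treats that hash as a nullifier. Names such as `ExitRequest`, `VulnerableExitManager` and `replay_exits`, and the sample burn and proof bytes, are constructed for this example.

```python
"""Toy model of a Plasma-style exit queue: why an exit must be keyed on the
burn transaction itself, not on anything the submitter can vary.
Added illustration; not Polygon's code and not the real bridge's data model."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class ExitRequest:
    burn_tx_hash: bytes   # canonical identity of the L2 burn (constructed sample)
    amount: int           # value the burn entitles the recipient to withdraw
    recipient: str        # L1 address that receives the funds
    proof_blob: bytes     # submitter-supplied proof encoding; assumed malleable


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class VulnerableExitManager:
    """Assumed flaw: the exit id covers the proof blob, so two encodings of a
    proof for the same burn look like two different exits."""

    def __init__(self) -> None:
        self.seen: set[bytes] = set()      # exit ids already paid out
        self.paid: dict[str, int] = {}     # recipient -> total released

    def exit_id(self, r: ExitRequest) -> bytes:
        return sha256(r.burn_tx_hash, r.proof_blob)

    def process(self, r: ExitRequest) -> bool:
        """Pay the exit unless its id was seen before. Returns True if paid."""
        eid = self.exit_id(r)
        if eid in self.seen:
            return False
        self.seen.add(eid)
        self.paid[r.recipient] = self.paid.get(r.recipient, 0) + r.amount
        return True


class HardenedExitManager(VulnerableExitManager):
    """Fix: the exit id is the burn transaction hash alone (a nullifier).
    Proof bytes are still needed to *validate* the exit, but they must not
    contribute to its *identity*."""

    def exit_id(self, r: ExitRequest) -> bytes:
        return sha256(r.burn_tx_hash)


def replay_exits(manager: VulnerableExitManager, attempts: int) -> int:
    """Submit the same burn `attempts` times, varying only the proof blob.
    Returns how many of those submissions the manager paid out."""
    burn = sha256(b"constructed burn tx #1")
    accepted = 0
    for i in range(attempts):
        # Constructed: each attempt re-encodes the proof with two differing
        # trailing bytes, which the vulnerable id does not bind to the burn.
        req = ExitRequest(burn, 1_000, "0xattacker", b"proof" + i.to_bytes(2, "big"))
        if manager.process(req):
            accepted += 1
    return accepted


def distinct_burns(manager: VulnerableExitManager) -> int:
    """Sanity check that the fix does not block legitimate, distinct burns."""
    paid = 0
    for n in range(2):
        burn = sha256(b"constructed legitimate burn", bytes([n]))
        if manager.process(ExitRequest(burn, 500, "0xhonest", b"proof")):
            paid += 1
    return paid


if __name__ == "__main__":
    print("vulnerable:", replay_exits(VulnerableExitManager(), 223), "exits paid")
    print("hardened:  ", replay_exits(HardenedExitManager(), 223), "exit paid")
```

Run stand-alone, the vulnerable manager pays all 223 replays of one burn while the hardened one pays exactly once. The design point is the nullifier: whatever proof format a bridge accepts, the record of "this burn has been exited" must be derived only from data the submitter cannot vary without invalidating the burn itself.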
In recent months, the Polygon network has seen an uptick in activity. Alchemy, a blockchain development platform, reported that the number of active developers on Polygon is doubling on a regular basis, and that monthly usage has increased by 145 percent as of October.
Furthermore, Alchemy said, “Another noteworthy result – roughly 40% of projects are utilizing Polygon and Ethereum simultaneously, while 60% are working alone, indicating that Polygon may have a bright future as both a complement to Ethereum and an ecosystem in its own right.”