The reward was a record in the history of the DeFi sector.
A security expert discovered a critical vulnerability in Polygon's layer-2 solution that could have led to losses of $850 million. The project paid the researcher a record reward of $2 million.
The Polygon project launched a bounty program in September, and cybersecurity specialist Gerhard Wagner took an interest in it. He noted that Polygon uses the Plasma security system to protect transactions between its networks and Ethereum, which, in his opinion, is difficult to implement reliably.
Wagner spoke in detail about how he discovered the vulnerability in the Plasma Bridge. The expert called the vulnerability "a doubling of costs bug". By exploiting an error in the code, an attacker could withdraw an amount 223 times the initial value of the tokens. Each $200 thousand deposited could bring a potential hacker $44.6 million. Had the vulnerability been exploited, the protocol's losses could have amounted to $850 million.
Polygon developers agreed to pay the maximum vulnerability detection reward of $2 million, which was the largest bug detection reward in the history of DeFi.
Polygon developers also confirmed that the bug was present on the main network. Wagner suggested that the problem arose "due to the use of third-party code without fully understanding it." He stressed that the developers' solution turned out to be "not too sophisticated", but it coped with its task.