The Polygon protocol team paid a white-hat hacker $2 million for reporting a vulnerability that put $850 million at risk. According to the Immunefi bug bounty platform, the reward was a record in the history of the DeFi sector.
The bounty payout is the largest: $2m.
Bug fixed. Everyone is safe!
A real win for all. https://t.co/1fqd4ul3uO
— Immunefi (@immunefi) October 21, 2021
The project launched the bounty program in September, and it drew the attention of cybersecurity specialist Gerhard Wagner. He noted that Polygon uses the Plasma security system to secure transactions between its network and Ethereum, which, in his opinion, is difficult to implement reliably.
Funds move between the layer 1 network and Polygon through the Plasma Bridge. Wagner discovered a vulnerability that allowed one valid withdrawal to be repeated up to 223 times (a double spend).
A potential attack required the attacker to put up a certain initial amount, but that amount was small compared with the possible gain, the specialist emphasized. For example, by depositing $100,000 worth of tokens and repeating their withdrawal as many times as possible, the hacker would receive $22.3 million.
The total value of the assets under threat was $850 million.
Wagner discovered the bug on October 5, and the Immunefi diagnostic team confirmed the problem and relayed the information to the client. The Polygon developers also confirmed the vulnerability and immediately began fixing it.
Immunefi added that the entire process, including patch development, testing, deployment to the mainnet, and payment of the white-hat hacker's reward and the platform's commission, took a week.
Polygon agreed to pay Wagner the maximum amount for the bounty program.