Key Takeaways
- Polygon has patched a critical bug on its Plasma Bridge.
- The vulnerability put $850 million at risk, although the problem was resolved before any funds were lost.
- Polygon has paid a record $2 million bounty to the hacker who noticed the problem.
Polygon has patched a critical vulnerability that affected its Plasma Bridge.
Polygon Pays $2 Million Bounty
Ethereum sidechain Polygon has patched a critical bug on its Plasma Bridge contract.
A postmortem report from the bug bounty platform Immunefi revealed that it had found the problem and that it was patched before any hack occurred or funds were lost.
Polygon is the largest sidechain network on Ethereum. It operates the Plasma Bridge, a two-way token gateway that lets users transfer assets from Ethereum mainnet to Polygon and withdraw them back on Ethereum.
Polygon’s Plasma Bridge has a safety exit mechanism that involves burning tokens that have been requested to be withdrawn to mainnet. On Oct. 5, the whitehat hacker Gerhard Wagner discovered a security vulnerability that could let malicious hackers bypass the bridge’s exit mechanism.
The main vulnerability affected WithdrawManager, a specific function in the bridge contract that authenticates burn transactions in earlier blocks for withdrawing assets back to Ethereum.
No consumer funds have been misplaced
Thanks @g3rh4rdw4gn3r for responsibly disclosing the bug, and @immunefi for facilitating the bug bounty of $2,000,000
👷‍♀️Let’s construct and make internet 3.0 extra resilient from such future assaults.
You’ll be able to learn the detailed postmortem of the exploit right here 👇 https://t.co/svhfo2cewS
— Polygon | $MATIC (@0xPolygon) October 21, 2021
Wagner reported the vulnerability to Immunefi, which then notified Polygon. Per the Immunefi postmortem, the Polygon team “instantly started fixing the underlying subject” and it was safely patched soon after. The bug was reportedly severe enough that it could have allowed hackers to drain all the value locked on Plasma Bridge, which was around $850 million at the time.
The Polygon team has rewarded Wagner with $2 million, the highest bounty paid in the crypto space to date.
In a statement shared with Crypto Briefing, Polygon co-founder Jaynti Kanani said that security shouldn’t be an afterthought when building Web3. Commenting on the problem, Kanani added that Immunefi had helped the Polygon team “join with safety researchers to make the Polygon Proof-of-Stake community extra resilient.”
The incident serves as a reminder of security issues with interoperability bridges. As a variety of Layer 1 blockchains have seen explosive growth, bridges have soared in popularity. However, there are major security issues with many bridges, which have led to several attacks in which hackers have exploited vulnerabilities. In one notable incident, $611 million was stolen from a cross-chain bridge service called PolyNetwork. Other cross-chain bridge incidents on pNetwork and Thorchain also resulted in multi-million dollar losses in recent months.
Disclosure: At the time of writing, the author of this feature owned ETH.