link.png

ID:

polygon-plasma-bridge-216

Date:

Status:

Incident Count:

October 21, 2021

Near-Miss

1

info.png
target.png
REKT

Contributor:

chain.png

zerofriction.io

KYC By:

KYC:

None

info.png

Audit By:

Audits:

Certik

Loss Amount:

-

info.png

Recovered:

-

Rewards:

2,000,000

Currency:

USD

info.png

Key Indicators

Platform:

Type:

Category:

Method:

Data Sources:

Ethereum

Protocol

Bridge

Near-Miss

Extended Method:

Logic error in handling of burn transactions

info.png

Days in Operation:

841

(2.30 Years)

chain.png
chain.png
chain.png
chain.png
datasource.png

Bug bounty platform Immunefi says white hat hacker Gerhard Wagner submitted a critical vulnerability affecting the Polygon Plasma Bridge on October 5, 2021 that allows attackers to withdraw their burn transactions from the bridge multiple times for up to 223 times. About $850 million is at risk, and an attack with just $100,000 would result in a loss of $22.3 million. Polygon confirmed the bug and immediately began fixing the underlying issue, which was resolved within a week. Polygon agreed to pay up to $2 million for the submission.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.