This developer saves the day. In the space of a few months, Polygon (MATIC) has become an essential blockchain in the DeFi ecosystem. However, it has just come close to disaster, fixing, in extremis, a critical vulnerability that put $850 million at risk.

$850 million saved in extremis

ImmuneFi is a protocol specializing in bug bounties. It makes it possible to pay hackers who discover flaws in protocols before those flaws are exploited.

This Thursday, October 21, ImmuneFi published a post mortem reviewing the discovery of a critical flaw in the Plasma Bridge, a bridge connecting the Polygon and Ethereum (ETH) blockchains.

On October 5, Gerhard Wagner submitted the vulnerability to the ImmuneFi protocol. Concretely, this vulnerability affected the bridge's withdrawal function. The Plasma Bridge has a mechanism that destroys the tokens present on Polygon when they are withdrawn to Ethereum.

“About $850 million was at stake. With just $100,000 to launch the attack, the losses would amount to $22.3 million. This means that the plasma bridge depot manager could be fully siphoned off with a sufficient amount.” ImmuneFi Report

Fortunately for Polygon, the vulnerability was identified and corrected before it could be exploited by a hacker. As a result, $850 million was saved and no user was harmed.

The unfolding of the potential attack on Polygon

If the vulnerability had been identified by a malicious hacker, he could have siphoned off some or all of the funds available in the Plasma Bridge in just 5 steps:

Submit a large amount of ETH on Polygon via the Plasma Bridge;

After confirming the deposit of funds on Polygon, launch the withdrawal process;

Wait 7 days for the withdrawal to be valid;

Submit the exit transaction again, modifying the first byte of the branch mask;

The same valid transaction can be resubmitted up to 223 times with different values for the first byte.

An attacker would then have been able to perform a large number of withdrawal transactions. In this case, the damage would have been proportional to the amount initially deposited. It would also have been entirely possible to siphon off all the funds by using a flash loan, as is often the case with DeFi attacks.
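The replay described above comes down to a replay guard that keys on bytes the proof verifier ignores. The following is an added example, not code from the article, ImmuneFi or Polygon: it models the weak guard beside a hardened one, and it assumes (this detail is not stated in the article) that the decoder treats a first nibble of 1 or 3 as an odd-length flag and otherwise discards the first byte of the branch mask. All names and the sample mask are constructed for illustration.

```python
# Added illustration: a simplified model, not the Plasma Bridge contract code.
# Assumption: the decoder treats a first nibble of 1 or 3 as an odd-length
# flag and otherwise throws the whole first byte of the branch mask away.
SAMPLE_MASK = bytes.fromhex("008012")  # constructed sample value


def decode_path(branch_mask: bytes) -> tuple:
    """Return the nibble path the proof verifier would actually walk."""
    nibbles = [n for b in branch_mask for n in (b >> 4, b & 0x0F)]
    if nibbles and nibbles[0] in (1, 3):
        return tuple(nibbles[1:])  # odd-length path keeps the second nibble
    return tuple(nibbles[2:])      # first byte ignored, whatever its value


class ExitGuard:
    """Replay guard for exits; canonical=True is the hardened variant."""

    def __init__(self, canonical: bool):
        self.canonical = canonical
        self.seen = set()

    def accept(self, block: int, branch_mask: bytes) -> bool:
        # Weak: key on the raw bytes, including the byte the decoder ignores.
        # Hardened: key on the decoded path, so every encoding maps to one key.
        mask_key = decode_path(branch_mask) if self.canonical else branch_mask
        key = (block, mask_key)
        if key in self.seen:
            return False
        self.seen.add(key)
        return True


def count_accepted_replays(guard: ExitGuard, block: int, mask: bytes) -> int:
    """Submit `mask` once, then retry it with every other first-byte value."""
    if not guard.accept(block, mask):
        raise ValueError("original exit was rejected")
    replays = 0
    for first in range(256):
        variant = bytes([first]) + mask[1:]
        if variant == mask or decode_path(variant) != decode_path(mask):
            continue  # same submission, or a different (invalid) proof path
        replays += guard.accept(block, variant)
    return replays


if __name__ == "__main__":
    print("weak guard:", count_accepted_replays(ExitGuard(False), 1, SAMPLE_MASK))
    print("hardened guard:", count_accepted_replays(ExitGuard(True), 1, SAMPLE_MASK))
```

Under that assumption, 14 × 16 = 224 first-byte values decode to the same path, which leaves 223 replays after the original submission; the hardened guard accepts none of them.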

Wagner receives $2 million reward

As we have just seen, Gerhard Wagner used the ImmuneFi protocol to report the vulnerability. As a result, he received the largest bug bounty reward that Polygon offers when a developer identifies a flaw.

“The white hat received a payment of $2 million from Polygon, the highest premium ever paid in history. We congratulate Gerhard on his fantastic work and excellent report. We would also like to thank Polygon for their prompt response and subsequent correction.” ImmuneFi Report

This is not the first time that blockchain bridges have been the target of hacks. Last August, the Poly Network protocol found itself at the heart of the turmoil after an attacker managed to steal more than $600 million in cryptocurrency. Fortunately, seized with remorse, he agreed to return the funds for a reward.

