The repository with the exploit: https://bbre.dev/polygon-poc
This video explains a vulnerability found in the MRC20 smart contract of the MATIC cryptocurrency on the Polygon blockchain network. The bug allowed stealing all the funds from the contract, which was worth about $20 bln. A bounty of $2,2 mln was awarded to the original reporter and $1,2 mln to the hunter who submitted a duplicate report. The bounties were awarded via the Immunefi bug bounty program.
Reporter’s Twitter: https://twitter.com/leonspacewalker
00:28 Immunefi – the sponsor of today’s video
01:04 How should the transferWithSig function be used?
04:52 The ecrecover and _transfer functions
07:06 The exploit