Check out the sponsor of today’s video – Immunefi bug bounty platform: https://bbre.dev/immunefi
The repository with the exploit: https://bbre.dev/polygon-poc

This video explains a vulnerability found in the MRC20 smart contract of the MATIC cryptocurrency on the Polygon blockchain network. The bug allowed stealing all the funds from the contract, which was worth about $20 bln. The original reporter was awarded a bounty of $2,2 mln, and the hunter who submitted a duplicate of the report was awarded $1,2 mln. The bounties were awarded via the Immunefi bug bounty program.

Report: https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d
Reporter’s Twitter: https://twitter.com/leonspacewalker

Timestamps:

00:00 Intro
00:28 Immunefi – the sponsor of today’s video
01:04 How should the transferWithSig function be used?
04:52 The ecrecover and _transfer functions
07:06 The exploit
