The world’s largest bug bounty – $3,4 mln for a bug in Polygon blockchain
Check out the sponsor of today’s video – Immunefi bug bounty platform: https://bbre.dev/immunefi
The repository with the exploit: https://bbre.dev/polygon-poc
This video explains a vulnerability found in the MRC20 smart contract of the MATIC cryptocurrency on the Polygon blockchain network. The bug allowed stealing all the funds from the contract, which was worth about $20 bln. The bounty was $2,2 mln for the original reporter and $1,2 mln for the hunter who duplicated the report. It was awarded via the Immunefi bug bounty program.
Report: https://medium.com/immunefi/polygon-lack-of-balance-check-bugfix-postmortem-2-2m-bounty-64ec66c24c7d
Reporter’s Twitter: https://twitter.com/leonspacewalker
Timestamps:
00:00 Intro
00:28 Immunefi – the sponsor of today’s video
01:04 How should the transferWithSig function be used?
04:52 The ecrecover and _transfer functions
07:06 The exploit