Polygon Discloses Critical Vulnerability

The bug could have been exploited to compromise over $2 billion worth of assets on Polygon's PoS bridge.

Polygon Discloses Critical Vulnerability

Quick Take

  • Polygon discloses a critical vulnerability.
  • ENS Labs update on GoDaddy lawsuit.
  • Susa perps DEX on Layer N.
  • Arbitrum’s ArbOS Atlas upgrade.

Listen on: Apple | Castbox | Spotify | YouTube | Lens


This episode is sponsored by Harpie!

harpie.io/ethdaily

Harpie is an onchain security solution that protects your wallet from theft in realtime. Harpie helps you detect and block suspicious transactions before they execute, safeguarding your assets from malicious attacks and scams. Try Harpie for free at harpie.io/ethdaily.


Polygon Discloses Critical Vulnerability

Asymmetric research disclosed a critical vulnerability in the Heimdall Polygon PoS validator software that could have been exploited to compromise over $2 billion worth of assets on the network’s bridge. The vulnerability was disclosed through Polygon’s Immunefi Bug Bounty program and has since been patched without exploitation. This vulnerability, which went unnoticed for five years, pertains to the bridging layers between Polygon’s Ethereum-based smart contracts and its PoS consensus layer. To exploit it, an attacker would need to inject false events into the StakeSync mechanism. Asymmetric Research recommends implementing time delays, transfer limits, and invariant checks on the native bridge as measures to diminish the chances of an attack.

ENS Labs is seeking input from the ENS DAO regarding its ongoing legal action against GoDaddy, Dynodot, and Manifold Finance for the recovery of the eth.link domain. The lawsuit initiated in September 2022 after GoDaddy transferred the eth.link domain to third-party registry Dynadot, who then re-auctioned it to Manifold Finance. Originally owned by early Ethereum contributor Virgil Griffith, the eth.link domain was allegedly falsely declared expired by GoDaddy. Eth.link was a tool that enabled HTTP access to ENS domains, similarly to eth.limo. To date, ENS Labs has expended $750,000 on the lawsuit. Manifold Finance wants to relinquish the domain for $300,000. The ENS DAO will vote on whether to accept the settlement and pay $300,000, propose a counteroffer, continue with the lawsuit, or dismiss the case. ENS Labs is also requesting reimbursement from the ENS DAO for the legal expenses it has incurred.

Susa Perps DEX On Layer N

Sushi, ranking as the sixth largest multi-chain DEX, unveiled plans to introduce Susa, a new perpetuals DEX built on Layer N. The integration aims to provide users with an CEX-like experience through low fees, minimal latency, and high transaction throughput. Using Layer N's Nord Engine and StateNet architecture, Susa will enable the development of custom applications with access to the exchange's liquidity. Layer N is a L2 solution that supports a network of custom rollups with shared communication and liquidity. Layer N is currently live on testnet.

Arbitrum ArbOS Atlas Upgrade

A vote is set to go live for implementing Arbitrum ArbOS Atlas, an update that will prepare Arbitrum One and Nova to be compatible with the Ethereum Dencun upgrade. ArbOS Atlas also introduces support for transient storage, MCOPY, and SELFDESTRUCT only in same transaction. The Dencun upgrade is scheduled to activate on Ethereum Mainnet on March 13th.

Other News


Subscribe

🔗 Website | 🎙️ Podcast | 🎥 YouTube | 🐦 X | 🌿 Lens | 🟪 Farcaster