Security Researcher Iczc Discovered Vulnerability in Polygon ZkEVM, Now Fixed

Scroll blockchain security researcher iczc posted on Twitter that a vulnerability was found in Polygon zkEVM and received a Layer 2 (L2) vulnerability reward from the Web3 vulnerability bounty platform Immunefi.

This vulnerability caused assets bridged from L1 to Polygon zkEVM (L2) to be unable to be properly claimed in L2, hindering the asset migration from L1 to L2. The Polygon zkEVM team has fixed this vulnerability, and no funds are at risk.

Polygon Labs launched the Polygon zkEVM vulnerability bounty program in March of this year, which is operated by Immunefi. The bounty payments are tiered based on the level of the discovered vulnerability. Critical vulnerabilities can receive up to $1 million in rewards, while high-level vulnerability rewards range from $10,000 to $50,000, and medium-level vulnerability rewards are set at $5,000.