
Polymarket's 'Ghost Fills' vulnerability exploited for $1.49M profit

A new paper details a vulnerability in Polymarket, a prominent prediction market platform, dubbed "Ghost Fills." This issue arises from the platform's hybrid architecture where orders matched off-chain may fail during on-chain settlement. Researchers identified four attack vectors, including nonce bumps and balance drains, which attackers exploited to invalidate matched orders, leading to at least $1.49 million in profit and putting $1.78 billion at risk. The vulnerability's impact extends beyond Polymarket, with similar code found in 167 other contracts holding significant user funds.



AI-generated summary · Google Gemini · from 1 source.


COVERAGE [1]

  1. Hugging Face Daily Papers (English)

    The Ghosts of Polymarket: When Off-Chain Matches Meet On-Chain Reverts

    Polymarket has emerged as a prominent prediction market platform and one of the fastest-growing applications in DeFi. To achieve low-latency trading, it adopts a hybrid architecture that matches orders off-chain but settles them on-chain for final execution. This design creates a…