Leon Spacewalker

@TalBeerySec @0xPolygon Have got too many irons on the fire after new year, give me a moment :)

@leonspacewalker @0xPolygon Was the blog published?

This bug collision seems odd. 3 different parties find the same $MATIC bug at practically the same time. Option 1: is that blackhat was actually first and was observed by whitehats that researched it and told @0xPolygon.

@TalBeerySec @0xPolygon Note that this is based on your 3 options, it might be Option 4. So to be fair, it probably has nothing to do with Polygon's decision of upgrading.

The original white hat that discovered $MATIC vulnerability thinks "option 2" = "Blackhats observed the upgrade, reverse engineered it to deploy an exploit" is the most likely. If it's correct, then @0xPolygon's decision to patch that way was problematic (probleMATIC 😈? )

@TalBeerySec @0xPolygon Option 3: No, all the communications were done in the Immunefi platform and my PoC was done in the local environment. I’m currently writing a blog to echo more on the Immunefi’s postmortem, mostly will be on the technical stuff tho but probably help shed more light for you

Option 2: Blackhats observed the upgrade, reverse engineered it to deploy an exploit Option 3: Whitehats discussions, or initial trigger were on a not entirely private channel, thus sparking a race between whitehats and blackhats @0xPolygon can you please shed more light?

@TalBeerySec @0xPolygon Option 1: No, I used an automation tool that detects added/changed scopes from Immunefi’s bounties. Option 2: Most likely, as the bug itself is simple enough to be found by anyone who reaches the code first.

Today's the day! @FinalFantasy VII Remake Intergrade is available now on PC via the @EpicGames Store! Take your first steps into Midgar: sqex.link/ff7epict