Security researcher Gerhard Wagner found a double-spend bug in Polygon’s Plasma bridge. The company awarded Mr. Wagner a record US$2 million for reporting this critical vulnerability.
In total, it is possible to create 14×16 = 224 different encodings for the same raw path. A malicious user can leverage the issue to create alternative exits for the same burn transaction and perform double spends on the Polygon network.
Check It Out: Polygon Blockchain Fixes Double Spend Bug Reported From Bug Bounty