
polymarket

GoPlus: Polymarket Hacked, Flaws in Off-Chain and On-Chain Transaction Result Synchronization Mechanism

According to disclosures from the GoPlus Chinese community, the prediction market platform Polymarket was hacked due to a design flaw in the synchronization mechanism between off-chain and on-chain trading results in its order system. The attacker manipulated the nonce, causing on-chain matched trades to be canceled or invalidated before execution while the off-chain records remained valid. The API therefore reported false results, which affected the trading behavior of bots like Negrisk and resulted in user losses.

The analysis of the attack process is as follows:

1. The attacker submitted/matched large reverse trades with the market-making bot on the Polymarket off-chain orderbook.
2. The attacker constructed transactions with forged/repeated nonces or utilized on-chain nonce competition, causing the on-chain transactions to inevitably revert.
3. The Polymarket API returned "transaction successful" to the bot before on-chain confirmation, leading the bot to believe that the position had been hedged, while the actual on-chain state had not changed.
4. The attacker then executed real on-chain trades to take advantage of the direction exposed by the bot, thus profiting "risk-free."
5. Since the revert occurred at the chain level, Polymarket fees would not spike, making the attack cost controllable and executable continuously.

GoPlus recommends that users pause automated trading tools, verify on-chain trading statuses, enhance wallet security, and closely monitor official announcements from Polymarket.
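The recommendation to verify on-chain trading status can be built into a bot's bookkeeping. The sketch below is an added example, not code from GoPlus, Polymarket or any bot named in the report: it treats an API "success" as provisional and counts a fill toward the hedge only after its receipt shows `status == 1` with enough confirmations. The `Fill` and `Ledger` types, their field names, the receipt lookup and the sample data are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical shapes for illustration; not Polymarket's API.
@dataclass
class Fill:
    order_id: str
    tx_hash: str
    size: float  # signed: positive = long, negative = short

@dataclass
class Ledger:
    min_confirmations: int = 2
    pending: dict = field(default_factory=dict)   # tx_hash -> Fill, unproven
    confirmed: float = 0.0                        # exposure proven on-chain
    rejected: list = field(default_factory=list)  # fills whose tx reverted

    def on_api_fill(self, fill: Fill) -> None:
        """The API reported success: record the fill as provisional only."""
        self.pending[fill.tx_hash] = fill

    def reconcile(self, get_receipt, head_block: int) -> None:
        """Promote or reject pending fills based on on-chain receipts."""
        for tx_hash, fill in list(self.pending.items()):
            receipt = get_receipt(tx_hash)
            if receipt is None:
                continue  # not mined yet: stays provisional
            if receipt["status"] != 1:
                # Reverted on-chain: the off-chain "success" was false.
                self.rejected.append(self.pending.pop(tx_hash))
            elif head_block - receipt["blockNumber"] + 1 >= self.min_confirmations:
                self.confirmed += self.pending.pop(tx_hash).size

    def hedged_exposure(self) -> float:
        """Only fills confirmed on-chain count toward the hedge."""
        return self.confirmed

# Constructed sample receipts: one reverted, one successful; 0xccc is unmined.
RECEIPTS = {
    "0xaaa": {"status": 0, "blockNumber": 100},
    "0xbbb": {"status": 1, "blockNumber": 100},
}

def demo(head_block: int = 101) -> Ledger:
    ledger = Ledger()
    ledger.on_api_fill(Fill("o1", "0xaaa", -500.0))  # API said success, tx reverted
    ledger.on_api_fill(Fill("o2", "0xbbb", 120.0))
    ledger.on_api_fill(Fill("o3", "0xccc", 75.0))
    ledger.reconcile(RECEIPTS.get, head_block)
    return ledger
```

Entries in `rejected` are the alerting signal: a run of fills reported as successful whose transactions reverted is the pattern described in the report.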

Opinion: The recent lawsuit outcome of Polymarket will determine the regulatory jurisdiction of prediction markets in the United States

Recent federal litigation by Polymarket against Massachusetts may determine whether the regulation of prediction markets in the United States falls under federal or state jurisdiction. Polymarket argues in the lawsuit that Congress has granted exclusive regulatory authority over "event contracts" (prediction markets for sports, politics, etc.) to the Commodity Futures Trading Commission (CFTC), and therefore state governments do not have the power to independently prohibit or regulate these platforms. The lawsuit aims to prevent Massachusetts Attorney General Andrea Campbell from potential enforcement actions, following a preliminary injunction issued by the state court against Polymarket's competitor Kalshi, which determined that its sports-related contracts constituted unlicensed sports betting. The regulatory conflict between the federal government and the states is intensifying, with prediction market platforms claiming they are regulated as derivatives markets by the CFTC and can operate nationwide, while states like Massachusetts and Nevada view them as a "sports betting loophole" that circumvents state gambling laws, leading to multiple lawsuits and injunctions. The outcome of Polymarket's appeal could reshape the regulatory framework for prediction markets in the United States, determining whether these platforms can operate free from state gambling law restrictions or must comply with varying rules across states, and it may ultimately be appealed to the U.S. Supreme Court.
ChainCatcher Building the Web3 world with innovations.