8/10
vulnerability
Verichains discovered a critical proof forgery vulnerability in Polygon zkEVM's zkProver component stemming from field incompatibilities between STARK (F_p^3) and SNARK (F_q) operations, combined with improper constraints in Merkle root computation and arithmetic gates, allowing generation of counterfeit proofs that could manipulate network state. The vulnerability was patched in December 2023 through constraint additions and operational segregation in the pil-stark library.
zero-knowledge-proof
zkvm
layer-2
polygon
proof-forgery
cryptographic-vulnerability
stark
snark
recursive-proving
merkle-root
field-incompatibility
arithmetic-gate
trusted-aggregator
blockchain-security
ethereum
bug-disclosure
Polygon zkEVM
Verichains
Troy
Immunefi
Ethereum
eSTARK
SNARK
STARK
BN128
pil-stark
Fork ID 4
Fork ID 5
Fork ID 8