Verichains discovered a critical proof forgery vulnerability in Polygon zkEVM's zkProver component stemming from field incompatibilities between STARK (F_p^3) and SNARK (F_q) operations, combined with improper constraints in Merkle root computation and arithmetic gates, allowing generation of counterfeit proofs that could manipulate network state. The vulnerability was patched in December 2023 through constraint additions and operational segregation in the pil-stark library.
A critical type-confusion vulnerability in Polygon's Heimdall consensus layer allowed rogue validators to forge StakeUpdate events without proper type verification, potentially enabling validator takeover and fraudulent bridge events affecting $2B+ in locked assets. The flaw exploited incomplete event signature validation in the UnpackLog function, which failed to verify the event topic hash.