bug-bounty621
facebook427
xss316
google101
rce99
csrf60
microsoft56
web355
account-takeover53
writeup50
sqli41
apple38
ssrf34
cve33
exploit32
dos31
privilege-escalation28
defi28
cloudflare27
smart-contract-vulnerability25
idor24
subdomain-takeover24
smart-contract23
clickjacking23
ethereum23
access-control21
vulnerability-disclosure21
malware20
auth-bypass19
remote-code-execution18
lfi17
cors16
reverse-engineering15
race-condition15
cloud15
authentication-bypass14
solidity14
oauth12
info-disclosure12
aws12
browser11
phishing11
sql-injection11
delegatecall11
denial-of-service11
web-application-security10
web-security9
token-theft9
vulnerability9
responsible-disclosure9
0
8/10
vulnerability
Verichains discovered a critical proof forgery vulnerability in Polygon zkEVM's zkProver component stemming from field incompatibilities between STARK (F_p^3) and SNARK (F_q) operations, combined with improper constraints in Merkle root computation and arithmetic gates, allowing generation of counterfeit proofs that could manipulate network state. The vulnerability was patched in December 2023 through constraint additions and operational segregation in the pil-stark library.
zero-knowledge-proof
zkvm
layer-2
polygon
proof-forgery
cryptographic-vulnerability
stark
snark
recursive-proving
merkle-root
field-incompatibility
arithmetic-gate
trusted-aggregator
blockchain-security
ethereum
bug-disclosure
Polygon zkEVM
Verichains
Troy
Immunefi
Ethereum
eSTARK
SNARK
STARK
BN128
pil-stark
Fork ID 4
Fork ID 5
Fork ID 8