Polymarket has a known exploit where attackers use incrementNonce() on the CTF Exchange to cancel losing orders after they’ve already been matched on the off-chain orderbook. This was publicly disclosed on Feb 19 and has cost traders thousands.
If you run bots on Polymarket’s BTC 5-minute markets, you may have experienced ‘ghost fills’ — orders that match on the CLOB but never settle on-chain.
The exploit: bad actors call incrementNonce() on the CTF Exchange contract to invalidate their losing orders after matching. They keep only winning sides.
I built Nonce Guard — a free, open-source monitoring tool that:
Watches Polygon blocks in real-time for incrementNonce() calls Builds exploiter address blacklists Emits universal alerts (file/socket/webhook) any bot can consume Includes counterparty checkingRepo: https://github.com/TheOneWhoBurns/polymarket-nonce-guard
MIT licensed. Works with any Polymarket bot.
submitted by /u/Vanadium_Hydroxide [link] [comments]r/CryptoCurrencyRead More
You might also be interested in reading DeFi protocol Sturdy Finance offers $100K bounty to hacker if funds are returned.