Polymarket has a known exploit where attackers use incrementNonce() on the CTF Exchange to cancel losing orders after they've already been matched on the off-chain orderbook. This was publicly disclosed on Feb 19 and has cost traders thousands.
If you run bots on Polymarket's BTC 5-minute markets, you may have experienced 'ghost fills' β orders that match on the CLOB but never settle on-chain.
The exploit: bad actors call incrementNonce() on the CTF Exchange contract to invalidate their losing orders after matching. They keep only winning sides.
I built Nonce Guard β a free, open-source monitoring tool that:
- Watches Polygon blocks in real-time for incrementNonce() calls
- Builds exploiter address blacklists
- Emits universal alerts (file/socket/webhook) any bot can consume
- Includes counterparty checking
Repo: https://github.com/TheOneWhoBurns/polymarket-nonce-guard
MIT licensed. Works with any Polymarket bot.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
π° Install these recommended apps:
π² SocialGood - 100% Crypto Back on Everyday Shopping
π² xPortal - The DeFi For The Next Billion
π² CryptoTab Browser - Lightweight, fast, and ready to mine!
π° Register on these recommended exchanges:
π‘ Binanceπ‘ Bitfinexπ‘ Bitmartπ‘ Bittrexπ‘ Bitget
π‘ CoinExπ‘ Crypto.comπ‘ Gate.ioπ‘ Huobiπ‘ Kucoin.
Comments