Polymarket has a known exploit where attackers use incrementNonce() on the CTF Exchange to cancel losing orders after they've already been matched on the off-chain orderbook. This was publicly disclosed on Feb 19 and has cost traders thousands.
If you run bots on Polymarket's BTC 5-minute markets, you may have experienced 'ghost fills' โ orders that match on the CLOB but never settle on-chain.
The exploit: bad actors call incrementNonce() on the CTF Exchange contract to invalidate their losing orders after matching. They keep only winning sides.
I built Nonce Guard โ a free, open-source monitoring tool that:
- Watches Polygon blocks in real-time for incrementNonce() calls
- Builds exploiter address blacklists
- Emits universal alerts (file/socket/webhook) any bot can consume
- Includes counterparty checking
Repo: https://github.com/TheOneWhoBurns/polymarket-nonce-guard
MIT licensed. Works with any Polymarket bot.
[link] [comments]
You can get bonuses upto $100 FREE BONUS when you:
๐ฐ Install these recommended apps:
๐ฒ SocialGood - 100% Crypto Back on Everyday Shopping
๐ฒ xPortal - The DeFi For The Next Billion
๐ฒ CryptoTab Browser - Lightweight, fast, and ready to mine!
๐ฐ Register on these recommended exchanges:
๐ก Binance๐ก Bitfinex๐ก Bitmart๐ก Bittrex๐ก Bitget
๐ก CoinEx๐ก Crypto.com๐ก Gate.io๐ก Huobi๐ก Kucoin.
Comments