Researchers Say Polymarket Design Flaw Allows Traders to Cancel Losing Bets, Generate $1.49M in Profits

A June 15 arXiv study says a settlement vulnerability in Polymarket’s hybrid trading design allowed traders to invalidate matched orders before on-chain settlement, creating failed trades that the authors call “Ghost Fills.”

The paper, “The Ghosts of Polymarket: When Off-Chain Matches Meet On-Chain Reverts,” was written by Yiming Shen, Yuhan Jin, Shuohan Wu, Yanlin Wang and Jiachi Chen. The researchers built a tool called GhostHunter to analyze reverted Polymarket matchOrders transactions on Polygon between August 15, 2025, and May 6, 2026.

The study says GhostHunter found 1,952,440 reverted settlement transactions involving 233,887 participants. Of those, 980,133 were attributed to cancellation attacks, which the authors estimate generated at least $1.49 million in profit. The reverted transactions represented $1.78 billion worth of collateral that failed to settle on-chain and consumed 2.35 million POL in operator gas.

Researchers Say Ghost Fills Expose A Gap Between Polymarket’s CLOB And Polygon Settlement

Polymarket uses a central limit order book, or CLOB, to match orders off-chain, while final settlement happens through smart contracts on Polygon. The study says that design creates a timing gap: because Polymarket matches orders off-chain before submitting settlement transactions on-chain, traders could still change wallet state during the intervening period, according to the researchers.

If the on-chain matchOrders transaction later reverts, the paper says no transfer occurs, even though the trade was already reported as filled off-chain. That matters for market makers, arbitrage bots, and other traders who may act on the reported fill before settlement is confirmed.

“A Ghost Fill is therefore not merely a failed transaction; it shifts the risk of delayed settlement onto the party that trusted the reported fill.”

A counterparty may lose the economic benefit of a matched trade if settlement is later invalidated, allowing a trader to selectively avoid transactions that become unfavorable after matching.

The paper identifies four attack vectors: nonce bump, balance drain, allowance revoke, and proxy trap. It says those vectors appeared in 35 variants and were used to selectively revert filled orders.

Nonce bump attacks update an account's order nonce after matching, while balance drain attacks remove collateral needed to complete settlement. Allowance revoke attacks remove token transfer permissions, and proxy trap attacks use smart contracts designed to reject settlement transfers.

According to the study, the attacks enabled risk-free prediction, arbitrage-bot hunting, and liquidity reward manipulation. The paper says the hourly revert rate peaked above 24.3% on May 4, creating what the authors described as a de facto denial-of-service condition.

Polymarket’s V2 Upgrade Changed The Failure Surface But Did Not End The Risk

Polymarket launched CLOB V2 on April 28, 2026, introducing new exchange contracts, a rewritten CLOB backend, and a new collateral token, Polymarket USD, or pUSD. The migration guide says legacy V1 SDKs and V1-signed orders are no longer supported in production.

CLOB V2 also removed the nonce system and replaced order uniqueness with millisecond timestamps. That change is significant because the study identified nonce bumping as one of the attack paths under V1.

According to the researchers, the upgrade did not eliminate Ghost Fills. Instead, V2 shifted the primary source of reverts, with rejected ERC-1155 token-delivery callbacks becoming the dominant failure mode after the migration.

The paper says Polymarket later introduced a deposit-wallet system that routes collateral through platform-controlled wallets before settlement. The researchers said the change reduces a trader's ability to alter balances or revoke token approvals after an order has been matched, addressing several attack paths identified in the study.

Even with those mitigations, the authors conclude that off-chain fills remain provisional until on-chain settlement succeeds.

The researchers argue the issue is not limited to Polymarket. GhostHunter scanned Sourcify-verified contracts and identified 167 Polymarket-like deployments across 10 chains, including 71 byte-identical copies, holding at least $23 million in user funds. The authors said they disclosed their findings to Polymarket and affected third parties and released a GitHub artifact containing detection rules, analysis scripts, and SQL queries.