Phantom Proof Attacks via Weaponized Censorship Resistance in Polygon CDK zkEVM

Online event: https://us06web.zoom.us/j/84513468897?pwd=SEd5TEN3Zi9XaThQRVpsVzZ4OFVmdz09

Thisal de Silva (/ https://www.linkedin.com/in/thisal-de-silva/) will deliver a talk:

This talk focuses on Polygon CDK, a modular toolkit for deploying EVM-compatible L2 chains, and its shared ZK proving system. Polygon zkEVM includes an egress hatch, a censorship-resistance mechanism that lets users force transactions through L1 when the sequencer is unavailable or censoring. We show how this safety feature can itself be weaponized. We introduce H-ZARE (Heterogeneous zkEVM Arithmetized Root Equivalence), a vulnerability class affecting the Polygon zkEVM validity proof system and by extension every chain built on Polygon CDK. H-ZARE arises when the ZK prover's arithmetization accepts a transaction that the execution client rejects, producing a state change that violates the EVM specification yet carries a cryptographically valid proof. We demonstrate how an attacker can exploit this divergence through the egress hatch to execute a double-spend, prove a Token Conservation Violation theorem showing the resulting token surplus is irreducible, and report empirical confirmation of phantom proof generation on a pre-patch zkProver. The talk closes by reflecting on what this vulnerability class reveals about the broader challenges of zkEVM engineering: rapid development cycles, documentation gaps, and the lack of systems-level thinking, and why cross-implementation standardisation is becoming increasingly critical.