Exchange
polymarket
Drift Type
changed_params / auth_change
Severity
CRITICAL — V2 exchange contracts are entirely different from V1. Approvals and on-chain interactions targeting V1 addresses will fail. The collateral token changed, requiring a new wrap/approval flow.
Their Docs
New V2 contract addresses (live 2026-04-28):
- CTF Exchange:
0xE111180000d2663C0091e4f400237545B87B996B (was 0x4bFb41d5B3570DeFd03C39a9A4D8dE6Bd8B8982E)
- Neg Risk Exchange:
0xe2222d279d744050d28e00520010520000310F59 (was 0xC5d563A36AE78145C45a50134d48A1215220f80a)
New collateral token:
- Polymarket USD / pUSD:
0xC011a7E12a19f7B1f670d46F03B03f3342E82DFB (was USDC.e: 0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174)
- API-only operators must call
wrap() on the Collateral Onramp contract to convert USDC/USDC.e to pUSD; the UI handles this automatically
New API endpoint required for pUSD balance sync:
GET /balance-allowance/update — must be called after wrapping pUSD to sync the exchange's cached balance state
Source: https://docs.polymarket.com/v2-migration
Our Cached Spec
The spec files do not document contract addresses. However, any hardcoded addresses in core/src/exchanges/polymarket/auth.ts or index.ts that reference V1 contract addresses will produce failed transactions. The GET /balance-allowance/update endpoint does not exist in core/specs/polymarket/PolymarketClobAPI.yaml.
File: core/specs/polymarket/PolymarketClobAPI.yaml, core/src/exchanges/polymarket/auth.ts
callApi() References at Risk
None specific — but any on-chain interaction (EIP-712 signing with old contract address as verifyingContract) uses the wrong domain.
Hardcoded URL Bypasses
https://polygon-rpc.com at index.ts:674 — used for on-chain balance lookup
Impact
- On-chain balance/allowance approvals granted to V1 contract addresses are not recognized by V2 contracts — trading blocked until re-approval.
- USDC.e allowances don't transfer to pUSD — users need to wrap and re-approve.
- Balance queries returning
0 are likely because the balance-allowance cache needs the new /balance-allowance/update endpoint to sync.
Found by automated spec drift audit
Exchange
polymarket
Drift Type
changed_params / auth_change
Severity
CRITICAL — V2 exchange contracts are entirely different from V1. Approvals and on-chain interactions targeting V1 addresses will fail. The collateral token changed, requiring a new wrap/approval flow.
Their Docs
New V2 contract addresses (live 2026-04-28):
0xE111180000d2663C0091e4f400237545B87B996B(was0x4bFb41d5B3570DeFd03C39a9A4D8dE6Bd8B8982E)0xe2222d279d744050d28e00520010520000310F59(was0xC5d563A36AE78145C45a50134d48A1215220f80a)New collateral token:
0xC011a7E12a19f7B1f670d46F03B03f3342E82DFB(was USDC.e:0x2791Bca1f2de4661ED88A30C99A7a9449Aa84174)wrap()on the Collateral Onramp contract to convert USDC/USDC.e to pUSD; the UI handles this automaticallyNew API endpoint required for pUSD balance sync:
GET /balance-allowance/update— must be called after wrapping pUSD to sync the exchange's cached balance stateSource: https://docs.polymarket.com/v2-migration
Our Cached Spec
The spec files do not document contract addresses. However, any hardcoded addresses in
core/src/exchanges/polymarket/auth.tsorindex.tsthat reference V1 contract addresses will produce failed transactions. TheGET /balance-allowance/updateendpoint does not exist incore/specs/polymarket/PolymarketClobAPI.yaml.File:
core/specs/polymarket/PolymarketClobAPI.yaml,core/src/exchanges/polymarket/auth.tscallApi() References at Risk
None specific — but any on-chain interaction (EIP-712 signing with old contract address as
verifyingContract) uses the wrong domain.Hardcoded URL Bypasses
https://polygon-rpc.comat index.ts:674 — used for on-chain balance lookupImpact
0are likely because the balance-allowance cache needs the new/balance-allowance/updateendpoint to sync.Found by automated spec drift audit