You are currently viewing Polygon explains recent fix to critical bug that would have cost the network over $24B
  • Recently, Polygon covertly fixed a smart contract loophole that would have led to the potential loss of $24B.
  • The vulnerability was disclosed by two white hat hackers and is the second to be reported in 3 months.

Ethereum layer-two scaling solution Polygon (MATIC) has quietly fixed a bug that put $24 billion worth of MATIC at risk. Two white hat hackers were the first to note the vulnerability on the network’s Proof-of-Stake (PoS) Genesis contract. They reported it through blockchain security and bug bounty hosting platform Immunefi on Dec. 3 and Dec. 4.

As Polygon notes, the vulnerability was “critical” seeing as it put 9.27 billion of the total 10 billion of MATIC token supply at risk. At writing time, this amount is worth a whopping $23.6 billion.

To resolve the bug, an “Emergency Bor Upgrade” was introduced to the Mainnet at Block #22156660 on Dec. 5 at around 7:27 am UTC. A  Polygon blog post reads,

The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage,

Polygon and the system bug

Additionally, the fixation process was conducted covertly, per the Go Ethereum (Geth) policy of Nov. 2020. The guideline states that projects or developers should withhold reporting key bug fixes until 4-8 weeks after they go live. This reduces the likelihood of exploitation by black hat hackers at the time of patching. Polygon already lost 801,601 MATIC (roughly $2.04M) to a “malicious hacker” before the bug was removed.

According to Immunefi, the white hat hackers will be duly rewarded for their efforts in flagging the vulnerability. Leon Spacewalker, who first highlighted the bug on Dec. 3, will receive a reward of stablecoins worth $2.2 million. Meanwhile, the second hacker with the pseudonym “Whitehat2,” will receive 500,000 MATIC (about $1.27M) from Polygon.

Read More: Whitehat hacker detects and discloses critical vulnerability on Polygon, receives $2M bounty

Polygon’s co-founder Jaynti Kanani commended the network for its show of strength and prompt resolution of the bug, saying:

What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.

Decentralized or not?

Back in October, Polygon paid another white-hat hacker a $2 million bounty for disclosing an $850 million vulnerability on the network. But despite the network’s security maintenance efforts, it has come under scrutiny for not being ‘fully decentralized.’ The criticism arose almost two weeks ago when Polygon hard forked “in the middle of the night” with no previous communication on the same.

Read More: Polygon hard forked “in the middle of the night” – what really happened?

MATIC per our data is currently priced at $2.47, having shed 3.2 percent in the day following a wider market downtrend. The token is, however, up 16.4 percent and 36.2 percent in the last fortnight and 30-days, respectively.

Der Beitrag Polygon explains recent fix to critical bug that would have cost the network over $24B erschien zuerst auf Crypto News Flash.

Leave a Reply