Polygon upgrade fixes a bug that had put $24B of MATIC in danger
Polygon, the Ethereum-based layer-two scaling network, reportedly stayed quiet while fixing a vulnerability that could have put nearly $24 billion worth of its native token, MATIC, at risk.
In a blog post dated December 29, Polygon revealed a “critical” vulnerability in the network’s Proof-of-Stake (PoS) Genesis contract. It was first highlighted on December 3 and 4 by two whitehat hackers via Immunefi, the popular blockchain security and bug bounty hosting platform.
The vulnerability had put over 9.27 billion MATIC at risk. That amount was valued at nearly $23.6 billion at the time of writing and represents the vast majority of the token’s total supply of 10 billion.
Polygon also noted that the bug was resolved at Block #22156660 through an “Emergency Bor Upgrade” to the Mainnet on December 5 at around 7:27 AM UTC. The network noted that a “malicious hacker” had managed to steal 801,601 MATIC ($2.04 million) before the bug was resolved.
The blog post mentioned that Polygon’s core team engaged with the group and Immunefi’s expert team soon after the vulnerability was discovered, and that they coordinated to introduce a fix immediately. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80 percent of the network within 24 hours without stoppage.
Polygon further stated that the issue had been resolved behind closed doors as it follows the “silent patches” policy that was introduced by the Go Ethereum (Geth) team back in November 2020.
Under the Geth guidelines, projects or developers report on key bug fixes 4-8 weeks after they go live in order to avoid the risk of being exploited while the patching is being conducted.
According to Immunefi, the whitehat hacker identified as “Leon Spacewalker” was the first to report the security hole, on December 3. The hacker is set to be rewarded with $2.2 million worth of stablecoins for their sincere efforts, while the second, unnamed hacker, referred to as “Whitehat2”, will receive 500,000 MATIC ($1.27 million) from Polygon.
Polygon co-founder Jaynti Kanani emphasized the network’s ability to promptly resolve the critical bug, noting in the blog post that, more importantly, the incident came as a test of the network’s resilience as well as its ability “to act decisively under pressure.”
The post concluded that, considering how much was at stake, the team believes it made “the best decisions possible” given the circumstances.
According to data collated from CoinGecko, MATIC is priced at $2.45 and is up by 35.1 percent in the past 30 days despite the current downturn across major crypto assets in December.