TL; DR Breakdown
- Polygon went public on a flaw that saw them make a discreet update.
- They rewarded the hackers who noticed the breach and reported it.
Polygon has patched a flaw that left its indigenous asset, MATIC, valued at over $24 billion, in danger. The blockchain network announced that a hacker who assisted the platform in thwarting a tragedy in early Dec got a $2.2 million bug reward.
On December 3, “white hat,” which goes under the handle “Leon Spacewalker” on Twitter and GitHub, made a revelation. He revealed a vulnerability in an effective Polygon consensus mechanism that housed more than 9 billion MATIC coins. The MATIC had a value of roughly $20.2 billion at the time. By December 5, core engineers had pushed out a fix.
Immunefi, the crypto safety firm that ran the blockchain network’s security patch, wasn’t rapid enough to safeguard all the contracts. On December 4, two attackers stole 801,601 MATIC tokens (valued at roughly $1.4 million at the time). The Polygon Foundation confirmed that it took a hit.
Polygon made an official statement through a blog post
Nonetheless, as per Polygon’s sequence of affairs, the patch, a hard fork live, spans 90% of system verifiers by Block #22156660. It preserved a vast pile of cash for the Ethereum leveling mechanism. Before Wednesday, the blockchain network had not explained the reasons for the hard fork.
“Given the stakes, our crew took the safest choice possible given the scenario.” Said Jaynti Kanani, co-founder of Polygon.
The platform said, through a statement, but the following facts forward.
The network’s core staff interacted with the crew. Also, they reached out to Immunefi’s technical team and implemented a repair. Besides, they alerted the validator and entire node groups. Together, they rallied behind the core developers to upgrade 80% of the network in less than 24 hours without causing any downtime.
Polygon took a hit from validators on secrecy
There was a review on the Polygon Discord server’s validator channel on December 5. Several supernodes expressed their dissatisfaction. Besides, they condemned the core developers for moving a significant software update in the shadows. As per Discord records, the sudden hard fork caused ripple implications for the system. It forced validators which were not equipped to cope offline.
Polygon’s creators admitted that their silence had put them in a vulnerable situation. In a blog post, the group noted, “There is an inherent conflict among both security and disclosure.” They said they observed the Ethereum group’s “quiet fix” policy with a “least” early release.
Jaynti Kanani, a CEO at Polygon, stressed the platform’s potential to fix the severe flaw in a blog article. In a blog post, the co-founder remarked. “What is crucial is that this was a challenge of our platform’s robustness. Also, our capacity to act swiftly under duress.” “Given the stakes, I feel our crew made great judgments it could have under the situation.”
Polygon’s bug bounty program awarded Leon Spacewalker $2.2 million in stablecoins. After the initial thefts, a different white hat who reported the same bug won 500,000 MATIC.
