- Polygon recently patched a loophole in a smart contract that could have resulted in a potential loss of $24 billion.
- Two white hat hackers disclosed the vulnerability, the second to be reported in 3 months.
Polygon (MATIC), Ethereum's layer-2 scaling solution, has quietly fixed a bug that endangered $24 billion of MATIC. Two white hat hackers were the first to notice the vulnerability in the network's Proof-of-Stake (PoS) genesis contract. They reported it through Immunefi, the bug bounty hosting and blockchain security platform, on December 3-4.
As Polygon points out, the vulnerability was "critical", endangering 9.27 billion of the total 10 billion MATIC tokens. At the time of writing, this is worth $23.6 billion.
To fix the bug, an "emergency Bor update" was introduced to the mainnet at block #22156660 on December 5 at around 7:27 am UTC. Polygon's blog post reads:
The Polygon core team contacted the Immunefi group and the expert team and immediately introduced a solution. Validators and full node communities were informed, collaborating with core developers to update 80% of the network in 24 hours without downtime.
Polygon and system failure
In addition, the patching process was carried out in secret, in accordance with the Go Ethereum (Geth) policy of November 2020. The guideline states that projects or developers must defer notification of major bug fixes until 4-8 weeks after deployment. This reduces the likelihood of black hat hackers exploiting the patch once it is applied. Polygon had already lost 801,601 MATIC (approximately $2.04 million) to a "malicious hacker" before the bug was fixed.
All you need to know about the recent Polygon network update.
✅Security partner found vulnerability
✅Fix was introduced immediately
✅The network was upgraded by validators
✅No material harm to the protocol / end users
✅A bounty was paid to white hats https://t.co/oyDkvohg33
– Polygon | $MATIC 💜 (@0xPolygon) December 29, 2021
According to Immunefi, the white hat hackers will be appropriately rewarded for their efforts in pointing out the vulnerability. Leon Spacewalker, who was the first to report the vulnerability on December 3, will receive a stablecoin reward worth $2.2 million. The second hacker, under the pseudonym "Whitehat2", will receive 500,000 MATIC (approximately $1.27 million) from Polygon.
Polygon co-founder Jaynti Kanani praised how the network performed and how quickly the bug was fixed, saying:
Importantly, this was a test of the resilience of our network, as well as our ability to act decisively under pressure. Thinking about what was involved, I think our team made the best possible decisions under the circumstances.
Decentralized or not?
In October, Polygon paid a $2 million reward to another white hat hacker for exposing an $850 million vulnerability in the network. But despite efforts to maintain the security of the network, it has come under fire for not being "completely decentralized." The criticism surfaced almost two weeks ago, when Polygon made a hard fork "in the middle of the night" with no prior communication.
According to our data, MATIC is currently trading at $2.47, after losing 3.2% in the day following a market downturn. However, the token is up 16.4% and 36.2% over the last fifteen and thirty days, respectively.