Polygon (MATIC), which offers L2 scalability solutions for the Ethereum network, came close to losing $24 billion worth of MATIC tokens before it fixed a critical vulnerability in time.
Announcing the move on Wednesday, Polygon said it resolved the bug via an “Emergency Bor Upgrade” to the Mainnet at block height #22156660 on December 5 at 7:27 am UTC.
All you need to know about the recent Polygon network update.
✅A security partner discovered a vulnerability
✅Fix was immediately introduced
✅Validators upgraded the network
✅No material harm to the protocol/end-users
✅White hats were paid a bounty https://t.co/oyDkvohg33
— Polygon | $MATIC 💜 (@0xPolygon) December 29, 2021
According to a blog post published Wednesday, a group of white hat hackers notified the bug bounty hosting platform Immunefi of a vulnerability in Polygon’s Proof-of-Stake (PoS) Genesis contract. The bug would have allowed an attacker to arbitrarily generate tokens using a Polygon contract.
After the team confirmed the vulnerability, they began working on a fix for the network. However, a malicious hacker was able to steal 801,601 MATIC, worth approximately $2.04 million at press time, before Polygon developers fixed the vulnerability.
A second, anonymous white hat hacker also discovered a Polygon vulnerability and reported it to Immunefi after the MATIC tokens were stolen. Polygon thereafter upgraded the mainnet.
The bug, had it been found by a black hat hacker, would have left more than 9.27 billion MATIC tokens vulnerable. The tokens, valued at $23.6 billion, represent most of Polygon’s 10 billion supply of MATIC.
Polygon co-founder Jaynti Kanani said in the blog post:
“All projects that achieve any measure of success sooner or later find themselves in this situation. What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.”
In addition to the upgrade, the Polygon team conducted an extensive follow-up study to identify possible improvements and ways to strengthen network security in the future.