Polygon upgrade quietly fixes bug that put $24B of MATIC at risk


“Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances,” said Polygon co-founder Jaynti Kanani.


Ethereum-based layer-two scaling network Polygon has quietly fixed a vulnerability that put about $24 billion worth of its native token, MATIC, at risk.

According to a Wednesday blog post from Polygon, the “critical” vulnerability in the network’s proof-of-stake Genesis contract was first highlighted by two whitehat hackers on Dec. 3 and Dec. 4 via blockchain security and bug bounty hosting platform Immunefi.

All you need to know about the recent Polygon network update.
✅A security partner discovered a vulnerability
✅Fix was immediately introduced
✅Validators upgraded the network
✅No material harm to the protocol/end-users
✅White hats were paid a bounty https://t.co/oyDkvohg33

— Polygon | $MATIC (@0xPolygon) December 29, 2021

The vulnerability put more than 9.27 billion MATIC at risk, valued at about $23.6 billion at the time of writing, with the figure representing the vast majority of the token’s total supply of 10 billion.

Polygon noted that the bug was resolved at block 22,156,660 via an “Emergency Bor Upgrade” to the mainnet on Dec. 5 at about 7:27 am UTC. The network noted that a “malicious hacker” managed to steal 801,601 MATIC ($2.04 million) before the bug was resolved. The blog post said:

“The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade 80% of the network within 24 hours without stoppage.”

Polygon stated that the issue was fixed behind closed doors as it follows the “silent patches” policy introduced by the Go Ethereum team in November 2020. Under the guidelines, projects or developers report on key bug fixes four to eight weeks after they go live to avoid the risk of being exploited at the time of patching.

According to Immunefi, whitehat hacker “Leon Spacewalker” was the first to report on the security gap on Dec. 3 and will be rewarded with $2.2 million worth of stablecoins for their efforts, while the second unnamed hacker, referred to as “Whitehat2”, will receive 500,000 MATIC ($1.27 million) from Polygon.


Polygon co-founder Jaynti Kanani emphasized the network’s ability to promptly resolve the critical bug, noting in the blog post that:

“What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.”

According to data from CoinGecko, MATIC is priced at $2.45 and is up 35.1% over the past 30 days despite the current downturn across major crypto assets this month.
