Polygon (MATIC) has officially admitted carrying out a quiet hard-fork earlier in December 2021, owing to a ‘critical vulnerability’ that could have leaked MATIC 9.3bn from the network.
The widely popular Ethereum layer-2 scaling solution Polygon (MATIC) has finally admitted that it carried out a hard-fork of the network on Dec. 5, 2021, in complete silence. The detailed explanation came 24 days after the event, via a postmortem that blames a critical vulnerability for the apparently unavoidable action.
In details shared through a blog post, Jaynti Kanani, CEO and co-founder of Polygon, stressed that, given the nature of the upgrade, the team had to execute it without making the vulnerability public and without drawing too much attention. He justified the action as being in line with the ‘silent patches’ policy and said that the team is currently finalising its vulnerability disclosure procedures and policy.
What actually caused the Polygon hard-fork?
Providing further details, the Polygon team said that a group of Whitehat hackers on the well-known bug bounty platform Immunefi reported a critical vulnerability in Polygon’s PoS genesis contract. In response, the team swiftly worked with the Whitehat group and an expert team from Immunefi to introduce a fix.
The team stressed that the full node and validator communities were kept in the loop and supported the core devs in carrying out the network upgrade. As a result, the upgrade was executed on Dec. 5, at block #22156660, within 24 hours of the vulnerability coming to light.
The end result
Owing to the timely discovery and resolution of the vulnerability, the damage was mitigated. If reports are to be believed, the flaw could potentially have leaked MATIC 9.3bn from the Polygon network, a possible loss of $23.25bn (at the current rate). Nonetheless, a Blackhat hacker, or a group of them, did manage to steal MATIC 801,601 through the exploit before the update was implemented.
The Polygon team claims to have ensured that no material harm came to the protocol or its end-users. In addition, all node implementations and smart contracts on the network remain entirely open source.