Polygon’s Side Of The Story: Hard-Fork Resolved A “Critical Vulnerability”

Here’s the explanation that Polygon offered. The Ethereum Layer 2 network hard-forked its blockchain a few weeks back, initially without any public explanation. NewsBTC presented every piece of information available at the time and got to the bottom of it. The only piece missing was the promised official report with a detailed explanation from Polygon’s experts. Is this it? So it seems. 

Similar Reading: Community Voted, Why Uniswap Will Be Deployed On Polygon

Before we get into it, let’s remember Polygon’s co-founder Mihailo Bjelic’s explanation as reported by us: 

“We’re making an effort to improve security practices across all Polygon projects,” Bjelic tweeted. “As a part of this effort, we are working with multiple security researcher groups, whitehat hackers etc. One partner discovered a security flaw in one of the newly verified contracts. The fix was immediately implemented and the upgrade coordinated with validators/full-node operators. The network was stable. The network is stable.” 

It’s important to remember that the crypto community was concerned that the way they managed to push the upgrade through seemed centralized. However, the co-founder assured everyone that “The network is run by validators and full node operators, and we have no control over any of these groups. We just did our best to communicate and explain the importance of this upgrade, but ultimately it was up to them to decide whether they will do it or not.”

However, this was Polygon node operator Mikko Ohtamaa’s further complaint:

“Next time it happens can you at least announce a critical update to all Polygon node operators. This is a very unprofessional move that will confuse the community. It was not mentioned or pinned down in any major channels or publications.”

What did the Polygon Experts say?

Considering that the infamous Poly Network exploit (an unrelated cross-chain project that is often confused with Polygon) happened only in August this year, it’s good to hear Polygon is working hard on securing its whole operation. They’ve ”been investing significant effort and resources into creating an ecosystem of security expert partners, with the goal of improving the security and robustness of all Polygon solutions and products.” With that in mind, this is the company’s version of what happened:

“Recently, a group of whitehat hackers on the bug bounty platform Immunefi disclosed a vulnerability in the Polygon PoS genesis contract. The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. After being notified, the validator and full node communities rallied behind the core development team to upgrade their network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5.”

So far, so good. This rhymes with Bjelic’s explanation and gives the community more details. We know from Ohtamaa’s complaint that the upgrade was not announced publicly to all validators and node operators. Polygon doesn’t even have to deny it, because they do have a reasonable explanation as to why they ran the whole operation in stealth mode.

“Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention. We are still finalizing our vulnerability disclosure policy and procedures, and for now we are trying to follow the “silent patches” policy introduced and used by the Geth team.”

According to Ohtamaa, “there are multiple open source projects out there” that have handled similar operations in a more effective manner. That may well be true, but it doesn’t take away from the fact that Polygon’s actions were justified.  

Source: MATIC/USD on TradingView.com
The aftermath

The critical update went through successfully and was accepted by the network.

“The vulnerability was fixed and damage was mitigated, with there being no material harm to the protocol and its end-users. All Polygon contracts and node implementations remain fully open source.”

Polygon Opens Vault On MakerDAO, Commits $50 Million Worth Of Matic Tokens

Remember, one of the early criticisms was that they forked the Polygon blockchain “to a completely closed-source genesis.” Here, the official source assures us that “contracts and node implementations remain fully open source.” Is there anything else they want to tell us?

“We are still working on closing the final proceedings with Immunefi and the whitehat hacker group, primarily in terms of their rewards and multiple rounds of reviews of the fixed vulnerability. We will post a detailed postmortem once this process is finished, likely by the end of next week.”

For those who are technically inclined, the team will post another, more detailed article. That’s above our pay grade. Stay tuned to Polygon’s blog if you’re interested.  

Featured image by Diana Polekhina on Unsplash, charts by TradingView

Get more Crypto News at CFX Magazine