Polygon Core Devs and Security Partners Resolve Critical Vulnerability

Over the last couple of months, Polygon has invested significant effort and resources into building an ecosystem of security partners, with the goal of improving the security and robustness of all Polygon solutions and products. We have established relationships with a number of teams and individuals who have already helped us immensely, mainly by providing valuable feedback and assisting with vulnerability discovery and resolution.

Recently, a group of whitehat hackers on the bug bounty platform Immunefi disclosed a vulnerability in the Polygon PoS genesis contract. The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5. 

Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention. We are still finalizing our vulnerability disclosure policy and procedures, and for now we are trying to follow the “silent patches” policy introduced and used by the Geth team.

The upgrade was executed successfully, with no major impact on the liveness or performance of the network. The vulnerability has been fixed and its potential impact mitigated; there was no material harm to the protocol or its end users. All Polygon contracts and node implementations remain fully open source.

We are still working on closing the final proceedings with Immunefi and the whitehat hacker group, primarily in terms of their rewards and multiple rounds of reviews of the fixed vulnerability. We will post a detailed postmortem once this process is finished, likely by the end of next week. 

In addition to this upgrade, Polygon’s core team has carried out an extensive analysis and identified a number of existing processes that can be improved, as well as concrete actions that will make the network and our community more resilient. We will share more details about these efforts and improvements as they progress.

Thank you all for the continuous support. Please check our blog for the latest developments.

Let’s bring the world to Ethereum!

