Polygon Core Devs and Security Partners Resolve Critical Vulnerability

In the last couple of months, Polygon has been investing significant effort and resources into creating an ecosystem of security expert partners, with the goal of improving the security and robustness of all Polygon solutions and products. We have established relationships with a number of teams and individuals that have already helped us immensely; mainly by providing valuable feedback and helping with vulnerability discovery and resolutions.

Recently, a group of whitehat hackers on the bug bounty platform Immunefi disclosed a vulnerability in the Polygon PoS genesis contract. The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5.

Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention. We are still finalizing our vulnerability disclosure policy and procedures, and for now we are trying to follow the “silent patches” policy introduced and used by the Geth team.

The upgrade was executed successfully, without impacting the liveness or performance of the network in any major way. The vulnerability was fixed and the damage mitigated, with no material harm to the protocol or its end users. All Polygon contracts and node implementations remain fully open source.

We are still working on closing the final proceedings with Immunefi and the whitehat hacker group, primarily in terms of their rewards and multiple rounds of reviews of the fixed vulnerability. We will post a detailed postmortem once this process is finished, likely by the end of next week.

In addition to this upgrade, Polygon’s core team has carried out an extensive analysis and identified a number of existing processes that can be improved as well as actions that will make the network and our community more resilient in the future. We will share more details about these efforts and improvements in the future.

Thank you all for the continuous support. Please check our blog for the latest developments.

Let’s bring the world to Ethereum!

