Polygon’s Side Of The Story: Hard-Fork Resolved A “Critical Vulnerability”

The Polygon team provided an explanation, and here it is. A few weeks ago, the Ethereum Layer 2 network hard-forked its blockchain, seemingly without explanation. As usual, NewsBTC got to the bottom of the case and presented all the available information. The only piece missing was a promised official report with a detailed explanation from Polygon’s experts. Is this it? Apparently so.

Before we get into it, let’s remember Polygon co-founder Mihailo Bjelic’s explanation as reported by us:

“We’re making an effort to improve security practices across all Polygon projects,” Bjelic tweeted. “As a part of this effort, we are working with multiple security researcher groups, whitehat hackers etc. One of these partners discovered a vulnerability in one of the recently verified contracts. We immediately introduced a fix and coordinated the upgrade with validators/full node operators. No funds were lost. The network is stable.” 

It’s important to remember that the crypto ecosystem was concerned that the way they managed to do all this appeared centralized. However, the co-founder assured everybody that “The network is run by validators and full node operators, and we have no control over any of these groups. We just did our best to communicate and explain the importance of this upgrade, but ultimately it was up to them to decide whether they will do it or not.”

However, this was Polygon node operator Mikko Ohtamaa’s additional criticism:

“Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications.”

What Did The Polygon Experts Say?

Considering the notorious Poly Network exploit was only in August this year, it’s good to hear Polygon is working hard on securing their whole operation. They’ve “been investing significant effort and resources into creating an ecosystem of security expert partners, with the goal of improving the security and robustness of all Polygon solutions and products.” With that in mind, this is the company’s version of what happened:

“Recently, a group of whitehat hackers on the bug bounty platform Immunefi disclosed a vulnerability in the Polygon PoS genesis contract. The Polygon core team engaged with the group and Immunefi’s expert team and immediately introduced a fix. The validator and full node communities were notified, and they rallied behind the core devs to upgrade the network. The upgrade was executed within 24 hours, at block #22156660, on Dec. 5.”

So far, so good. This rhymes with Bjelic’s explanation and gives the community more details. However, we know that they barely notified the validators and node operators. They don’t even need to lie about it, because they do have a great explanation as to why they ran the whole operation in stealth mode.

“Considering the nature of this upgrade, it had to be executed without disclosing the actual vulnerability and without attracting too much attention. We are still finalizing our vulnerability disclosure policy and procedures, and for now we are trying to follow the “silent patches” policy introduced and used by the Geth team.”

According to Ohtamaa, “there are multiple open source projects out there” that have performed similar operations in a simpler way. And that may be true, but it doesn’t take away from the fact that Polygon’s actions were justified.

MATIC price chart on Binance | Source: MATIC/USD on TradingView.com

The Aftermath

In the end, the critical update worked out fine enough:

“The vulnerability was fixed and damage was mitigated, with there being no material harm to the protocol and its end-users. All Polygon contracts and node implementations remain fully open source.”

Remember, one of the early criticisms was that they forked the Polygon blockchain “to a completely closed-source genesis.” Here, the official source assures that “contracts and node implementations remain fully open source.” Is there something else they want to tell us?

“We are still working on closing the final proceedings with Immunefi and the whitehat hacker group, primarily in terms of their rewards and multiple rounds of reviews of the fixed vulnerability. We will post a detailed postmortem once this process is finished, likely by the end of next week.”

The team will publish another post with even more details for the technically oriented people. That’s above our pay grade. Stay tuned to Polygon’s blog if you’re interested.

Featured Image by Diana Polekhina on Unsplash – Charts by TradingView
