Polygon Critical Exploit Fixed

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

Polygon Homepage

The Polygon smart chain contained a critical vulnerability which would have allowed for the full drainage of all funds in the network. This was due to an additional function in the smart contract named transferWithSig, which didn't have the proper validation. After being exploited by a malicious actor to mint 801,601 MATIC, the issue was reported by a couple of white hackers via their bug bounty program, and fixed via a stealthy protocol update.

In the end, $2.04m was taken and $3.46m was paid out in bounty. The Polygon team will cover all losses for any affected users.

[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17]

About Polygon

"Polygon is a protocol and a framework for building and connecting Ethereum-compatible blockchain networks. Aggregating scalable solutions on Ethereum supporting a multi-chain Ethereum ecosystem." "Polygon is an open source project built by decentralized team of contributors from all over the world."

"We envision an open, borderless world. A world in which people and machines collaborate and exchange value globally and freely, without gatekeepers or intermediaries. A world in which communities thrive, unconstrained by artificial borders and archaic regulations." "We don’t believe in traditional companies, hierarchy and management. Anyone is welcome to contribute code, ideas or anything else that can help make our vision a reality!"

"Polygon combines the best of Ethereum and sovereign blockchains into a full-fledged multi-chain system. Polygon solves pain points associated with Blockchains, like high gas fees and slow speeds, without sacrificing on security. This multi-chain system is akin to other ones such as Polkadot, Cosmos, Avalanche etc, but with at least three major upsides: (1) It is able to fully benefit from Ethereum’s network effects. (2) It is inherently more secure. (3) It is more open and powerful."

"Polygon combines the best of Ethereum and sovereign blockchains into an attractive feature set." "Ethereum is the blockchain development platform of choice, but it has limitations. Low Throughput. Poor UX (gas, delayed PoW finality). No sovereignty (shared throughput/clogging risk, tech stack not customizable, governance dependence)." "Many projects are exploring Ethereum-compatible blockchains as a way to mitigate these limitations while still leveraging Ethereum’s thriving ecosystem."

The Reality

A "vulnerability put more than 9.27 billion MATIC at risk that is valued at around $23.6 billion at the time of writing, with the figure representing the vast majority of the token’s total supply of 10 billion." "[A]nyone could [have gotten] any amount from $MATIC by abusing a vulnerable contract function that allowed sending any amount without checking if sender has enough balance. These tokens would have been created "out of thin air" (minted)."

What Happened

A "vulnerability put more than 9.27 billion MATIC at risk that is valued at around $23.6 billion at the time of writing, with the figure representing the vast majority of the token’s total supply of 10 billion." "[A]nyone could [have gotten] any amount from $MATIC by abusing a vulnerable contract function that allowed sending any amount without checking if sender has enough balance. These tokens would have been created "out of thin air" (minted)."

TheCryptoBasic reports that Polygon (MATIC) experienced a surprise network update following a hacking incident[18]. The network was hacked, resulting in the theft of 801,601 MATIC tokens. The incident was prompted by the discovery of a vulnerability by a group of whitehat hackers who notified Polygon. The Polygon team, together with these hackers, worked to fix the vulnerability and initiated a network update. Despite their efforts, a malicious hacker exploited the vulnerability and stole the mentioned tokens before the update was fully implemented. Polygon paid a bounty of approximately $3.46 million to the white hat hackers and confirmed that the foundation would cover the theft's cost. The network aims to enhance its security to prevent similar incidents in the future[18].

Key Event Timeline - Polygon Critical Exploit Fixed
Date Event Description
Vulnerability Exploited Prior to the update, some bad actors exploited the vulnerability and stole 801,601 MATIC tokens, currently valued at over $2 million[17].
December 3rd, 2021 Leon Spacewalker Reports Vulnerability The vulnerability was reported by a whitehat hacker named Leon Spacewalker on December 3[17].
December 5th, 2021 Hard Fork Introduced In coordination with Immunefi, a major bug bounty platform for DeFi projects, Polygon investigated the issue, validated a fix, and hard-forked on December 5 to address the vulnerability[17]. The initial announcement reportedly simply calls the update "some bug fixes and also a hard fork"[19].
December 7th, 2021 12:43:00 PM MST Reportedly Launched With "Style" Polygon node operator Mikka Ohtamaa publishes criticism of the way the update is rolled out[19].
December 28th, 2021 8:27:00 PM MST Polygon Summary Polygon summarizes the recent Polygon network update as the discovery of a vulnerability by a security partner, followed by the immediate introduction of a fix. They report that there was no significant harm to the protocol or end-users as a result of this update. Additionally, white hat hackers were rewarded with a bounty for their efforts in identifying and addressing the vulnerability, enhancing the network's security[2].
December 29th, 2021 2:25:00 AM MST CryptoNews Article Published CryptoNews reports that Polygon (MATIC) recently conducted a hard fork without prior explanation, but the network has now justified its actions. The hard fork was prompted by the discovery of a critical vulnerability that could have resulted in the draining of approximately 9.3 billion MATIC tokens (valued at $23.56 billion). The vulnerability was reported by a whitehat hacker named Leon Spacewalker on December 3. In coordination with Immunefi, a major bug bounty platform for DeFi projects, Polygon investigated the issue, validated a fix, and hard-forked on December 5 to address the vulnerability. While some community members were initially frustrated by the unannounced hard fork, the Polygon team has explained that it followed a "silent patches" policy due to the critical nature of the upgrade. They also plan to pay bounties to the whitehat hackers who reported the vulnerability. However, prior to the update, some bad actors exploited the vulnerability and stole 801,601 MATIC tokens, currently valued at over $2 million[17].
December 30th, 2021 9:59:31 AM MST TheCryptoBasic Article Published TheCryptoBasic reports that Polygon (MATIC) experienced a surprise network update following a hacking incident[18]. The network was hacked, resulting in the theft of 801,601 MATIC tokens. The incident was prompted by the discovery of a vulnerability by a group of whitehat hackers who notified Polygon. The Polygon team, together with these hackers, worked to fix the vulnerability and initiated a network update. Despite their efforts, a malicious hacker exploited the vulnerability and stole the mentioned tokens before the update was fully implemented. Polygon paid a bounty of approximately $3.46 million to the white hat hackers and confirmed that the foundation would cover the theft's cost. The network aims to enhance its security to prevent similar incidents in the future[18].

Technical Details

The hard fork was prompted by the discovery of a critical vulnerability that could have resulted in the draining of approximately 9.3 billion MATIC tokens (valued at $23.56 billion)[17].


A "vulnerability put more than 9.27 billion MATIC at risk that is valued at around $23.6 billion at the time of writing, with the figure representing the vast majority of the token’s total supply of 10 billion." "[A]nyone could [have gotten] any amount from $MATIC by abusing a vulnerable contract function that allowed sending any amount without checking if sender has enough balance. These tokens would have been created "out of thin air" (minted)."

"The network noted that a “malicious hacker” managed to steal 801,601 MATIC ($2.04 million) before the bug was resolved." "Despite our best efforts," "a blackhat–or a set of blackhats–managed to steal 801,601 MATIC tokens using the same exploit before the fix was implemented."

"The vulnerability consisted of a lack of balance/allowance check in the transfer function of Polygon’s MRC20 contract and would have allowed an attacker to steal all ~9,276,584,332 MATIC (as of December 5, the date of the fix) from that contract."

"Gasless MATIC transfers are facilitated by the transferWithSig() function. The user who owns the tokens signs a bundle of parameters including the operator, amount, nonce, and expiration. The signature can be later passed to the MRC20 contract by the operator to perform a transfer on behalf of the token owner. This is gasless for the token owner because the operator pays for the gas."

"The main issue is that _transferFrom will call the _transfer function directly without checking whether the from has enough balance. And we can call the transferWithSig() without a valid signature, thanks to the lack of a check to see if ecrecovery returns the zero address."

"The function takes the balances of from and to address and passes that to the _transfer() which also has the same issue. It doesn’t check that the sender has enough balance." "[T]he bug in the token could have allowed an attacker to mint an arbitrary number of tokens from the MRC20 contract."

Total Amount Lost

The total amount at risk has been estimated at $21,057,846,000 USD. The total amount lost has been estimated at $1,820,000 USD.

TheCryptoBasic reports that Polygon (MATIC) experienced a surprise network update following a hacking incident[18]. The network was hacked, resulting in the theft of 801,601 MATIC tokens. The network aims to enhance its security to prevent similar incidents in the future[18].


[20][13]

Immediate Reactions

Reception of Update

Polygon received criticism at the time of deployment from several members of the community.

[21]

"Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications." - Mikka Ohtamaa


"CoinDesk reviewed the Polygon Discord server’s validator channel on Dec. 5. It contained multiple validators expressing anger over the core developers’ silence on pushing what is usually a major and well-publicized software upgrade through the shadows." "Indeed, the abrupt hard fork had spillover effects for the network as validators unprepared for the shift were knocked offline, according to the Discord logs." "Though details of the incident wouldn't be released until December 29, chatter on social media in mid-December emerged about Polygon's silent, zero-warning hard fork."

"At the time, Polygon co-founder Mihailo Bjelic said that there was a vulnerability and that the team would release additional details. "We are now investing much more in security and we're making an effort to improve security practices across all Polygon projects," he wrote at the time."

Ultimate Outcome

Some users still remained critical[21].

"Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications." - Mikka Ohtamaa

"Polygon paid a total of about $3.46 million as bounty to two white hats who helped discover the bug." "Whitehat @leonspacewalker receive[d] a big $2.2m bounty for his critical find." "According to Immunefi, whitehat hacker “Leon Spacewalker” was the first to report on the security hole on Dec. 3 and will be rewarded with $2.2 million worth of stablecoins for their efforts, while the second unnamed hacker, referred to as “Whitehat2” will receive 500,000 MATIC ($1.27 million) from Polygon." "The $2.2m exceeds the maximum value of Polygon’s critical bounty in recognition of the severity of the vulnerability."

"The project’s co-founder Jaynti Kanani said that such a situation was bound to occur “sooner or later,” but the outcome was a testament to the network’s resilience."

“What’s important is that this was a test of our network’s resilience as well as our ability to act decisively under pressure. Considering how much was at stake, I believe our team has made the best decisions possible given the circumstances.”

"[T]he fix, a hard fork live across 90% of network validators by Block #22156660, according to Polygon’s timeline of events, protected a massive trove of funds for the Ethereum scaling tool. Polygon hadn’t publicly discussed the reasoning for the hard fork before Wednesday." "The upgrade was executed on Dec. 5 without impacting liveness and performance of the network in any major way. The vulnerability was fixed and damage was mitigated, with there being no material harm to the protocol and its end-users. All Polygon contracts and node implementations remain fully open source." "The foundation will bear the cost of the theft."

[20]

Polygon paid a bounty of approximately $3.46 million to the white hat hackers and confirmed that the foundation would cover the theft's cost[18].

A bounty of $3,470,000 USD was paid for the discovery.

Total Amount Recovered

The total amount recovered has been estimated at $1,820,000 USD.

Ongoing Developments

"This experience highlighted the importance of investing into an ecosystem of security expert partners. We are very grateful to Immunefi for all their help. At the end of the day, this brought Polygon a step closer to becoming the most battle-tested scaling solution for Ethereum."

Individual Prevention Policies

This case does not appear to have resulted in a loss to any individual.

The risk of other potential losses can be avoided through greater scrutiny of any protocols which are used. In this case, a missing check for sender balance would have been likely to be uncovered by most credible auditing firms, with the probability increasing exponentially with further reviews. Individuals need to pressure platforms to prioritize security and avoid platforms which haven't been adequately inspected.

Avoid the use of smart contracts unless necessary. Minimize the level of exposure by removing or withdrawing assets whenever possible. Aim to choose smart contracts which have obtained third party security audits, preferably having been audited by at least three separate reputable firms. Pay attention to the audit reports, which smart contracts are covered, and whether the smart contract has been upgraded or modified since the report. Ensure that any administrative functions with the ability to remove funds from the smart contract are under the authority of a multi-signature wallet which is controlled by at least three separate and reputable entities.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

It is recommended that all smart contracts and new protocols obtain at least 2 independent security audits, and a third one within 6 months of launching.

All aspects of any platform should undergo a regular validation/inspection by experts. This validation should include a security audit of any smart contracts, reporting any risks to the backing (of any customer assets, ensuring treasuries or minting functions are properly secured under the control of a multi-signature wallet, and finding any inadequacies in the level of training or integrity of the team. The recommended interval is twice prior to launch or significant system upgrade, once after 3 months, and every 6 months thereafter. It is recommended that the third party performing the inspection not be repeated within a 14 month period.

To limit losses if audits still fail to catch problems on new protocols, there should be an upper limit on tokens distributed by the protocol, with minting additional tokens depending on a multi-signature arrangement that can load additional tokens over time.

All wallets, minting functions, and critical infrastructure should be implemented with a multi-signature requirement, with a recommended minimum of 3 signatures required. This means that making important changes or approving spending will require the keys held by at least 3 separate individuals within the organization to approve. The multi-signature should be implemented at the lowest layer possible, all key holders should have security training, and all key holders should be empowered and encouraged to exercise diligence.

In this case, the protocol had funds available to reimburse those affected. We have recommended that the industry establish an insurance fund to protect investors against losses that may exceed the capabilities of a single protocol's treasury.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

This situation arguably could have been prevented with greater scrutiny of the protocol, as the missing check would have likely been uncovered by a smart contract auditor. It would be extremely unlikely for the missing check to not be caught with 3 independent security audits. To limit losses if multiple audits fail to catch the problem, a safer implementation could have an upper limit on tokens distributed by the protocol, with minting additional tokens depending on a trained human multi-signature arrangement.

All platforms should undergo published security and risk assessments by independent third parties. Two assessments are required at founding or major upgrade, one after 3 months, and one every 6 months thereafter. The third parties must not repeat within the past 14 months. A risk assessment needs to include what assets back customer deposits and the risk of default from any third parties being lent to. The security assessment must include ensuring a proper multi-signature wallet, and that all signatories are properly trained. Assessments must be performed on social media, databases, and DNS security.

In this case, the protocol had funds available to reimburse those affected. An industry insurance fund could also easily cover losses as a fallback. We have recommended that the industry establish an insurance fund to protect investors against losses that may exceed the capabilities of a single protocol's treasury.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

If losses had been more severe, then the blockchain could still be reverted to a pre-exploit state, and compensation would have to be determined for those who traded the token during the exploit. An industry insurance fund provides a strong incentive for establishing solid protocol validators and assistance with a rollback in the event of a breach.

In general, blockchain-level exploits can be resolved by reverting the blockchain to a prior state, which restores all funds to their prior ownership and limits potential losses to those who are transacting between the time of the exploit and the time of the revert. Effort should be undertaken by node operators to switch to a branch that eliminates the exploit as soon as possible to minimize losses. Any remaining losses would be resolved through the industry insurance fund.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Polygon upgrade quietly fixes bug that put $24B of MATIC at risk (Dec 30, 2022)
  2. 2.0 2.1 Polygon - "All you need to know about the recent Polygon network update. A security partner discovered a vulnerability, Fix was immediately introduced, Validators upgraded the network, No material harm to the protocol/end-users, White hats were paid a bounty" - Twitter (Jan 2, 2022)
  3. All You Need to Know About the Recent Network Upgrade — Polygon | Blog (Jan 2, 2022)
  4. Polygon Lack Of Balance Check Bugfix Postmortem 2 2m Bounty (Jan 2, 2022)
  5. Polygon Quietly Patched Vulnerability That Put $24 Billion in MATIC at Risk - Decrypt (Jan 2, 2022)
  6. Polygon Discloses Patched Exploit That Put 9B MATIC at Risk (Jan 2, 2022)
  7. 'Critical' Polygon bug put $24 billion in tokens at risk until recent hard fork (Jan 2, 2022)
  8. @MihailoBjelic Twitter (Jan 2, 2022)
  9. Polygon | Ethereum's Internet of Blockchains (Jan 29, 2022)
  10. About - Polygon | Ethereum's Internet of Blockchains (Jan 29, 2022)
  11. @TalBeerySec Twitter (Jul 22, 2022)
  12. @immunefi Twitter (Jul 22, 2022)
  13. 13.0 13.1 https://coinmarketcap.com/currencies/polygon/historical-data/ (Jul 22, 2022)
  14. @Cranehehe1 Twitter (Jul 23, 2022)
  15. A Hacker Stole $1.6M After Exploiting a Polygon Bug - Crypto Briefing (Aug 24, 2022)
  16. Polygon Admits The Network Was Hacked, Hacker Swiped 801,601 MATIC Tokens - The Crypto Basic : CryptoCurrency (Oct 12, 2022)
  17. 17.0 17.1 17.2 17.3 17.4 17.5 Polygon Justifies Its Quiet Hard-Fork Citing 'Critical Vulnerability' - CryptoNews (Dec 1, 2022)
  18. 18.0 18.1 18.2 18.3 18.4 18.5 18.6 Polygon Admits The Network Was Hacked, Hacker Swiped 801,601 MATIC Tokens - The Crypto Basic (Dec 31, 2022)
  19. 19.0 19.1 Mikka Ohtamaa - "How to announce a hard fork with style" - Twitter (Sep 28, 2023)
  20. 20.0 20.1 Dutch Lichtenstein - "How about the 800,000 $MATIC stolen? Isn’t that material harm?" - Twitter (Sep 13, 2023)
  21. 21.0 21.1 Mikko Ohtamaa - "Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications." - Twitter (Sep 28, 2023)