Polygon ’s Blockchain Hard-Forked Without Warning To Closed-Source Genesis. Why?

What’s going on at Polygon? There seems to be a disturbance in the force over there. Is the Ethereum Layer 2 project alright? Are they doing everything above board or is there something sinister going on? Are they even decentralized if they can hard-fork just like that? Or did they follow the proper procedures and their critics are just uninformed? Can we even answer all of those questions? Probably not. But we can present all the information available and let you all get to your own conclusions.

Let’s start with DeFi Builder Nathan Worsley’s accusation. Or is he just requesting information? Worsley recently tweeted, “Are we all supposed to just shut up and forget about the fact that over a week ago Polygon hard-forked their blockchain in the middle of the night with no warning to a completely closed-source genesis and still haven’t verified the code or explained what is going on?” 

Related Reading | Polygon: Ethereum’s Friend Is Looking To Make Big Strides

The “middle of the night” part is arguable since everyone is in different timezones and the Polygon blockchain is everywhere. However, he cleared up why the issue is important, “Until the code is verified there are no security guarantees about the billions of dollars in assets the chain currently secures.” And tweeted proof of everything else, “Here’s the commit that was hard-forked into production.”

To add credibility to his claim, DeFiance Capital’s Zhu Su joined the chorus asking for answers. “Was this to patch a critical bug? Why and how did this happen?”

Polygon Responds And Shows Receipts

The criticism got a response from Polygon’s co-founder Mihailo Bjelic. “We’re making an effort to improve security practices across all Polygon projects,” Bjelic tweeted. “As a part of this effort, we are working with multiple security researcher groups, whitehat hackers etc. One of these partners discovered a vulnerability in one of the recently verified contracts. We immediately introduced a fix and coordinated the upgrade with validators/full node operators. No funds were lost. The network is stable.”

Ok, that sounds reasonable. Bjelic also promised, “A detailed blog post coming, we are finalizing additional security analyses.” A question lingers in the air, though. And crypto enthusiast J. Vicente Correa asks it in the most direct way possible, “U can fork the chain by yourself and take all my funds as u wish?”

And Polygon’s Mihailo Bjelic answers in the most political way possible. “Absolutely not. The network is run by validators and full node operators, and we have no control over any of these groups. We just did our best to communicate and explain the importance of this upgrade, but ultimately it was up to them to decide whether they will do it or not.”

Fair enough. However…

MATIC price chart on Poloniex | Source: MATIC/USD on TradingView.com
A Node Operator Has Some Criticism Of His Own

In the same thread, Polygon node operator Mikko Ohtamaa blasted the way the company handled the whole thing and also showed receipts. “Next time it happens can you at least announce a critical update to all Polygon node operators. Now this looks super unprofessional and confusing for the community. It was not mentioned or pinned down in any major channels or publications.”

He got a response from Polygon’s other co-creator, Sandeep Nailwal. “This was a security update, and hence pre-public-announcement could’ve escalated things.”

Ok, that makes sense. However, Ohtamaa had more complaints. “Some bug fixes” for a critical patch is not good. If there is a critical fix you co-ordinate with validators.” Plus, he reinforced Nathan Worsley’s original complaint. “It’s really obvious it is a critical security bug if you do unannounced no notice hard fork in the middle of a weekend.”

According to Ohtamaa, “there are multiple open source projects out there” that have done similar operations in a more effective manner. Someone asked what could Polygon have done better. He answered with a series of simple steps. 

  1. Prepare the patch privately.
  2. A few days before, announce a critical security fix is coming. All node operators need to be prepared.
  3. Distribute the patch at the preset time.
  4. Not downplay the criticality of the patch and make idiot-looking release notes.

Related Reading | How Polygon Sealed A $400M Deal To Get Ahead In The Ethereum ZK Rollup Race

So, is there something rotten at Polygon? We will have to wait for the “detailed blog post” Bjelic promised to know for sure.

Featured Image by Mae Mu on Unsplash – Charts by TradingView

editorial staff