Polygon (MATIC), the Layer 2 solution on top of Ethereum, recently fixed a double-spend bug in its network that was reported by a whitehat named Gerhard Wagner.
He identified the critical vulnerability on October 5, 2021, and immediately reported it to the Polygon team. If this bug had been exploited by hackers, it could have resulted in around $850 million in losses, which is why Gerhard deserves appreciation for his efforts in identifying the bug and for honestly reporting it to the concerned team. Polygon has a bug bounty program under which those who report bugs in the network are handsomely rewarded based on the losses the network would have suffered had the bug gone unnoticed. Based on these calculations, it was found that Gerhard deserved the maximum bug bounty, which turned out to be $2 million.
Considering how much was at stake, this was a good reward for the whitehat. The incident also shows how important it is to have whitehats around, and how important it is for each company to have a bug bounty program that rewards well. With most financial services on their way to being fully digitalized, it is still humans who are behind these systems at the end of the day, so it is quite likely that such bugs and vulnerabilities can exist in any network. Companies need to take such possibilities very seriously rather than be in a state of denial, and look at ways and means of mitigating such risks in the long run.
Bug bounty programs could be one way to handle this, as they make the network a target for some of the top developers in the world, who try to find any holes in the code or the network in the hope of getting their hands on the bounty. This makes the network very robust and could lead to the finding of vulnerabilities that may otherwise have gone unnoticed. It is also important for such networks to work with security companies for this exact reason, as ultimately what matters is keeping client funds safe from hackers at all times.