Vulnerability Analysis of Polygon’s MRC20 Contract

2 min readDec 30, 2021


On December 3 and 4, two critical vulnerability reports were submitted to Polygon by two white hat hackers.

Analysis by BEOSIN’s security team has shown that the vulnerability is located in the Genesis MRC20 contract on Polygon. The vulnerability is due to an unchecked caller balance in the transferWithSig function, so an attacker can call the transferWithSig function to steal all the MATICs in the contract. Polygon then took action and completed a 90% verified node mainnet upgrade on December 5, 2021 at a block height of 22,156,660, fixing the vulnerability and paid a bounty of $3.46 million to the two white hat hackers. Unfortunately according to official statistics, hackers still have stolen about 801601 MATIC before fixing the vulnerability.

According to the official description, MATIC tokens are virtual assets in the Polygon network that pay gas fees. When the MATIC token owner signs the parameters such as trading MATIC quantity and expiration time, the operator will pass the signature to the transferWithSig function of the MRC20 contract, and act as an agent to execute the MATIC transfer. Then the token owner will not need to pay the gas fee, and instead the operator will pay the gas fee to realize the function of transferring MATIC without gas.

Analysis of transferWithSig function

The transferWithSig function first ensures that this signature hash is not used to prevent the transaction from being replayed. The ecrecovery function is then used to recover the ‘address from’ from the signature and passed to the _transferFrom function to perform the transfer.

Figure 1 transferWithSig function

At this point _transferFrom queries the from, to address balance, but does not determine whether the from balance can pay for this transaction, and directly calls _transfer to execute the transaction. The contract sends the transaction tokens to the target to address of the recipient, but does not deduct the from address balance.

Figure 2 _transferFrom function
Figure 3 _transfer function

Therefore,any address calling the transferWithSig function will get a large amount of MATIC.




Blockchian Security · IDE · Beosin-VaaS · Formal Verification · SAS | China leading enterprise in blockchain security field