Matic Netowk (MATIC) Analysis

Introduction

Matic Network has been a project on my radar for quite some time now, but one that I have never had the opportunity to spend any time properly researching. The article audience is intended to be technically savvy investors e.g. developers and Information Technology people.

For those who’d like to learn a little more about Matic Network prior to reading this report, here are some primary links:

• MATIC
• MATIC Twitter
• Medium
• MATIC Telegram
• MATIC Linkedin

This article might get updated, so stay tuned, and is meant to provide a holistic overview of Matic Network for readers, both old and new to Matic Network.

Fundamental Analysis/ Metrics

Name: Matic Network 

Ticker: MATIC

Token Type: ERC-20

Validator Method: PoS

Platform: Ethereum blockchain only (currently)

Category: Mid cap

Transactions Per Second: up to 10,000 (internal test-net)

Note: As of 30/11/2020 Ethereum can only process on average about 14 transactions

Consensus Mechanism: Plasma + Proof of Stake (implemented in Bor component)

Sector (Use cases): Payments, Decentralized Exchanges, Gaming Networks

Exchanges: Link

Head Quarters (HQ): Bengaluru, Karnataka (India)

Number of employees: 61 employees (Linkedin - 28/Nov/2020)

Two year growth: 281%  (Linkedin - 28/Nov/2020)

Company year founded: 2017

The company HQ is in India (not a big fun of India as a tech startup place). The most impressive part is that Matic Network has a growth, based on the Linkedin Insights Premium service, of 281%. The after mentioned percentage refers to the employee growth. The company started with 16 employees on Nov 2018 and reached 61 employees on Nov 2020. 

The company employee ratio, based on specialty seems to be well balanced, see below:

We can see from above that the company takes Marketing (17% of total employees) and Social Media presence (15% of total employees)  seriously. The LinkedIn profile is populated with frequent posts adding a professional look to the company, most recent post was 4 days ago. The company official blog also looks to be updated frequently. Another interesting fact about the company is that 7% of the employees is dedicated to education (e.g. by producing high quality educational content). From the above we can conclude that Matic Network is moving to the right direction, by pursuing fast market adaptation, through marketing, social communities and education. The Matic Network has a very well designed web site and a lot of material on their products. The only negative aspect is that, Matic Network is entering multiple highly competitive markets such as payments and gaming, limiting their chance to succeed.      

Launch Overview

Matic Network was conceptualized on 2017 by Jaynti Kanani and Sandeep Nailwal. Matic Network launched a private/pre-sale on  1/Jan/2018 that ended on 31/Dec/2018. They also launched their IEO on 24/Apr/2019 and ended on 26/Apr/2019. 

What is the Matic Network[1]:

"Matic Network provides scalable, secure and instant Ethereum transactions using Plasma side chains and a Proof-of-Stake network." [1]

Matic Network MATIC IEO Review [4]:

IEO price: $ 0.00263

ROI since IEO: USD: 6.98x  (+598.4%)

ATH ROI since IEO: USD: 17.19x  (1618.9%)

Tokens For Sale: 1,900,000,000

Hard Cap: $ 5,000,000

Matic Network MATIC ICO (Private-Sale/Presale) Review [4]:

Private/Pre-sale price: $ 0.00263

ATH ROI since Private/Pre-sale: USD: 17.19x  (1618.9%)

Lock-up: 50% unlocked in the first month of Private-Sale/Presale, remaining 50% unlocked in the seventh month

Note: The top 100 holders collectively own 97.44% tokens of Matic Network

Address token allocation:

Token Economics

Circulating supply (market cap): $86,879,574.00

Total Supply: 10,000,000,000 MATIC

Holders: 19,960 addresses

Total Hard Cap: $5,600,000

For sale: 3,230,000,000 (32.30%)

Public sale: 1,900,000,000 (19.00%)

24-hour trading volume: $11,186,210 (source coingecko)

Most active market: Binance

Note: Hard cap is defined as the maximum amount of money a cryptocurrency can receive from investors in its Initial Coin Offering (ICO) [5].

Token Staking

MATIC Token Investors can leverage their crypto via staking. Currently there are 3 options to earn passive income and staking rewards with your Matic Network. This can be done through:

1. Delegate Matic
2. Run validator
3. Lend Matic Network

Run validator

At this point is important to clarify that validators stake their Matic tokens as collateral to work for the security of the network and in exchange for their service, earn rewards [1].

Matic will be allocating 12% of its total supply of 10 billion tokens to fund the staking rewards. This is to ensure that the network is seeded well enough until transaction fees gain traction. These rewards are primarily meant to jump-start the network. While the protocol in the long run is intended to sustain itself on the basis of transaction fees [1]. Below you can see the reward formula:

Validator Rewards = Staking Rewards + Transaction Fees

This is allocated in a way to ensure gradual decoupling of staking rewards from being the dominant component of the validator rewards [1]. Rewards are distributed to all stakers proportional to their stake at every checkpoint with an exception being the proposer getting an additional bonus. User reward balance gets updated in the contract which is referred to while claiming rewards [1].

Delegate Matic

Delegators are token holders who cannot, or do not want to, run a validator node themselves. They can delegate staking tokens to a validator and obtain a part of their revenue in exchange. Because they share revenue with their validators, delegators also share risks. Should a validator misbehave, each of their delegators will be partially slashed in proportion to their delegated stake [19]. 

Lend Matic Network

You simple give resources to MATIC network by installing related software.

stakingrewards.com did us a favor and added MATIC staking calculations:

Matic Partnerships

Matic Network first partnered with Blockchain Foundry [9], in order to increase their know how. Moving forward they partnered with Ankr Network [10] to help them set up a staking network. This shows strong appetite for fast adaptation again. Also most partnerships took place on 2020. 

Below you can see most of the partnerships that took place in 2020:  

    

Social Media Presence 

Twitter followers: 58.4K Followers

Telegram: 29912 total members

Telegram: 1245 online

The Telegram community is active and healthy (e.g. members do not exchange cooking recipes etc.). Matic Network has multiple Telegram channel (their main channel has 29912 members). Same applies for Twitter. 

Technical Analysis

All time high (ATH): $0.023778

All time low (ATL): $0.015362

Major resistance line: $0.022350

Major support line: $0.00995

Tradingview set to 45 min with indicators RSI Candle and 9 day WMA:

From the diagram above, we can see that when Matic Network token was released, went from the initial coin release hype to a new higher high, this shows the potential for great growth. As already reported the company does have good token economics and low inflation. I am suspecting that one of the reasons that Matic Network push forward so hard is because they want to fully exploit the current Bitcoin bull market. 

60 day trading volume from cryptometer:

Technology Overview

Matic Network solution solves the scalability issue by transferring assets from the base chain to another  (called the “sidechain”), while ensuring asset security using the Plasma framework and a decentralized network of Proof-of-Stake (PoS) validators, so as to avoid miner centralization [1].

Key Features & Highlights

• Scalability: Fast, low-cost and secure transactions on Matic side-chains 
• High Throughput: Achieved up to 10,000 TPS on a single side-chain on internal test-net
• User Experience: Smooth UX and developer abstraction from main-chain to Matic chain
• Security: Matic chain operators are themselves stakers in the PoS system
• Public Side-chains: Matic side-chains are public in nature (vs. individual DApp chains), permission-less and capable of supporting multiple protocols

Matic Network Wallet

Matic Network has it own wallet created. With Matic Network wallet you can send, receive and manage Ethereum-based ERC20 crypto tokens. It also allows you to interact with Web 3 based decentralized applications (DApps) powered by Ethereum. The wallet seems to support only ETH and MATIC tokens. The app has a 3.6 score in Google Play and 10,000+ installs so far (30/11/2020). The UI is decent and it can connect with Dapp applications through QR scans. It also integrates with WalletConnect. Matic Network  does not seem to have frequent updates as the last update of the wallet was on November 26, 2019.

Architecture Overview

Matic network consists of three core components:

• Heimdall
• Bor
• Contracts

Heimdall is the heart of the Matic system. It manages validators, block producer selection, spans, the state-sync mechanism between Ethereum and Matic and other essentials aspects of the system. The Bor node or the Block Producer implementation is basically the side-chain operator. For the Matic network's Proof of Security based consensus, all the proof verification and handling of staking, rewards are executed on the Ethereum smart contract [1].

Github Repository/Code Overview

Heimdall (28/Nov/2020):



Most recent change: 2 months

Oldest change: 2 years

Programming language used: GO

Installation process: Easy

Bor  (28/Nov/2020):

Most recent change: 8 days

Oldest change: 4 months

Programming language used: Go/ Shell Scripts

Open source third party components: Used 

Installation process: Easy

Contracts  (28/Nov/2020):

Most recent change: 5 days

Oldest change: 17 months

Programming language used: Go

Installation process: Easy

Note 1: External component dependencies for all components: npm, go1.11+, truffle, rabbitmq (including all related Ethereum tools).

Note 2: Developer documentation excellent. 

Before we continue, I think it would be better to say a few words on why Matic Network choose Go and if this choice is aligned with their goals. Go was designed at Google in 2007 to improve programming productivity in an era of multi-core, networked machines and large co-debases [17]. So the main goal of Go is not to build user interfaces (UI) and improve user experience (UX), something potentially desirable for DApp applications, but for speed through concurrency. So Go is used mainly for server programming, which does prove that Matic Network did make a good choice. The negative aspect of this choice is that Go is relatively new language, with multiple bugs (including security bugs). 

Security Considerations

Matic Network joined a bug bounty program in Hackerone 6 months ago for the test network. Since the company has joined the program seven security issues have been reported. The total bounties paid is $2000, and below we can see the reward scheme: 

• $300 for Low findings
• $1500 for Medium findings
• $3000 for High findings
• $5000 for Critical findings

Based on the total number of bounties paid we can safely assume that only low and maybe medium issues have been found. The interesting part is that the average time of first response (after initial security report is received) is 6 hours, which is fast. So far seven issues have been identified (seven successful submissions) and six have been resolved (meaning that most security issues are patched). 

Below we can see indicative examples of valid attacks that could be attempted on Matic Network:

• Double spend by getting the clients to accept a different chain
• Double spend by validating malicious blocks
• Tamper/manipulate blockchain history to invalidate transactions
• Cause network to mint tokens to own account
• Undermine consensus mechanism to split the chain
• Censorship (e.g. on votes)
• Steal tokens from node
• Prevent node from accessing the network
• Abuse bugs in the economic system to defraud other participants (e.g. avoid transaction fees to full nodes)
• DDOS attack
• Chain halt and shutting down the network

At this point, for the more technically savvy people, it does worth mentioning that in rabbitmq and GO programming language there are some vulnerabilities identified in certain versions, more specifically for GO[6]:

• Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling. - Medium
• The crypto/x509 package of Go before 1.10.6 and 1.11.x before 1.11.3 does not limit the amount of work performed for each chain verification, which might allow attackers to craft pathological inputs leading to a https://blog.bluzelle.com/layer-2-leader-matic-network-partners-with-bluzelle-to-provide-decentralized-data-storage-to-dapps-e9099011b1fbCPU denial of service. Go TLS servers accepting client certificates and TLS clients are affected. - High
• In Go before 1.10.6 and 1.11.x before 1.11.3, the "go get" command is vulnerable to remote code execution when executed with the -u flag and the import path of a malicious Go package, or a package that imports it directly or indirectly. - Critical

For rabbitmq [7]:

• Pivotal Spring AMQP, 1.x versions prior to 1.7.10 and 2.x versions prior to 2.0.6, expose a man-in-the-middle vulnerability due to lack of hostname validation.  - Medium
• An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.x before 1.6.12, and 1.7.x before 1.7.7. MQTT (MQ Telemetry Transport) connection authentication with a username/password pair succeeds if an existing username is provided but the password is omitted from the connection request. Connections that use TLS with a client-provided certificate are not affected.  - Medium
• CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.  - Medium
• Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.  - Medium
• RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.  - Medium

Conclusion

Finally after all this analysis the time has come to say my opinion on what is the verdict outcome. Below you can see the pros and cons based on the information collected:

PROS:

Here are my pros about Matic Network:

• As far as their business/social presence is concerned from me gets an 9 out of 10. Well designed site, clear businesses goals, strong community, good partnerships. 
• As far our their technology is concerned from me gets a 7 out of 10. Well documented technology good technologies adopted, easy to install software.
• As far as the token economics is concerned I will give it a 7 out of 10. The coin inflation is good.
• As far as the product information security posture is concerned, Matic Network demonstrates a healthy attitude, by participating in a well known bug bounty program. The code is publicly available and can be reviewed by anyone.
• Very well designed stacking mechanism and decent reward systems, this is a 9 out of 10 staking technology.

CONS:

Here are my cons about Matic Network:

• As far as their business goals are concerned Matic Network is entering multiple high competitive markets such as payments, gaming and DEX(s), instead of focusing in only one or similar markets (e.g. DEX(s) and payments).
• Utilizing the Matic Network token for payments, makes it not good as a value for storage asset (e.g. using it as a currency for retail usage, suppresses the token value).    
• The Matic Network wallet does not have a good rating in Google Play and it has not been updated since 2019.
• The technologies adapted from Matic Network, such as Go programming language, is relatively new and immature. This will later on translate to multiple functional and security bugs.       

Total score is: 8 out of 10 for long term investment and a 7 out of 10 for short term.

References:

• https://matic.network/ [1]
• https://academy.ivanontech.com/blog/defi-deep-dive-what-is-matic-network [2]
• https://cryptorank.io/ico/matic-network [3]
• https://etherscan.io/token/0x7D1AfA7B718fb893dB30A3aBc0Cfc608AaCfeBB0 [4]
• https://decryptionary.com/dictionary/hard-cap/#:~:text=Hard%20cap%20is%20defined%20as,selling%20them%20directly%20to%20people.[5]
• https://www.cvedetails.com/vulnerability-list/vendor_id-14185/product_id-29205/version_id-280800/Golang-GO-1.11.0.html [6]
• https://www.cvedetails.com/vulnerability-list/vendor_id-15183/product_id-30922/version_id-179125/Pivotal-Software-Rabbitmq-3.3.5.html [7]
• https://hackerone.com/matic-network/?type=team [8]
• https://www.globenewswire.com/news-release/2020/07/29/2069530/0/en/Blockchain-Foundry-and-Matic-Network-Establish-Partnership-to-Research-Blockchain-Interoperability.html [9]
• https://blog.matic.network/matic-partners-with-ankr-network/ [10]
• https://blog.bluzelle.com/layer-2-leader-matic-network-partners-with-bluzelle-to-provide-decentralized-data-storage-to-dapps-e9099011b1fb [11]
• https://medium.com/razor-network/razor-network-partners-with-matic-network-af6521b6771f [12]
• https://medium.com/powerpool/powerpool-x-matic-network-partnership-cf52b7301cae [13]
• https://www.meter.io/meter-matic-partnership/ [14]
• https://www.ledgerinsights.com/india-blockchain-accelerator-partners-matic-harmony-aeternity/ [15]
• https://www.crowdfundinsider.com/2020/10/167986-defi-protocol-mantra-dao-partners-matic-network-an-ethereum-layer-2-blockchain-scalability-solution-provider/ [16]
• https://en.wikipedia.org/wiki/Go_(programming_language) [17]
• https://www.stakingrewards.com/earn/matic-network?fbclid=IwAR0WSyOR9IEXwq9_X7HujeAE8yMwu3emYKmPCvxPF5Ooq9upxisQi3ogvnM [18]
• https://blog.matic.network/staking-on-matic-network-mainnet-is-now-live-how-to-delegate-matic/ [19]