Scaling
Bridges
SummaryValue LockedDetailed descriptionRisk summaryTechnologyPermissionsSmart contracts

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Polygon "Plasma" logoPolygon "Plasma"

Polygon Plasma is the official bridge provided by the Polygon team to bridge MATIC tokens from Ethereum to Polygon chain.
  • Total value locked
    $932.99 M18.58%
  • Destination
    Polygon
  • Validated by
    Destination Chain
  • Type
    Token Bridge
    • Value Locked

    ...

    Detailed description

    Polygon Plasma is the official bridge provided by the Polygon team to bridge MATIC tokens from Ethereum to Polygon chain.

    Originally it was also used to bridge DAI, but now Polygon PoS bridge is recommended. Tokens are bridged to the same Polygon sidechain as if Polygon PoS bridge was used, the only difference is a required 7-day withdrawal delay. This delay was originally designed to allow users to challenge the withdrawal, however this functionality is not deployed.

    Risk summary
    This project includes unverified contracts. (CRITICAL)

    Funds can be stolen if

    1. validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
    2. validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL),
    3. a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades,
    4. the source code of unverified contracts contains malicious code (CRITICAL).

    Users can be censored if

    1. validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).
    Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.
    Technology

    Principle of operation

    This is a very typical Token Bridge that locks tokens in the escrow contracts on Ethereum and mints tokens on the Polygon network. When bridging back to Ethereum tokens are burned on Polygon and then released from the escrow on Ethereum. There is no exit delay since the challenge system is not implemented.

    Outbound transfers are externally verified, inbound require merkle proof

    Note: This section requires more research and might not present accurate information.

    Validators on the Polygon network watch for events on Ethereum and when they see that tokens have been locked they mint new tokens on Polygon. Validators periodically submit new Polygon state checkpoints to the Ethereum smart contracts. To withdraw tokens users need to present a merkle proof of a burn event that is verified against the checkpoints.

    • Users can be censored if validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL).

    Destination tokens

    If the MATIC ERC20 token is bridged, the native MATIC token is minted on Polygon sidechain.

    Permissions

    The system uses the following set of permissioned addresses:

    PolygonMultisig 0xFa7D…b74c

    Can propose and execute code upgrades via Timelock contract. This is a Gnosis Safe with 5 / 9 threshold.

    PolygonMultisig participants 0xA749…c3Cc0x1aE0…85290x0D26…7b030xD0FD…3C9a0x3941…e1b60xb771…6ab50x803B…8F250x80D6…bF3a0x8Eab…d602

    Those are the participants of the PolygonMultisig.

    Smart contracts

    The system consists of the following smart contracts:

    StateSender 0x28e4…bFbE

    Smart contract containing the logic for syncing the state of registered bridges.

    RootChain 0x86E4…C287Implementation (Upgradable)

    Contract storing Polygon sidechain checkpoints. Note that the validity of the checkpoints is not verified, it is assumed to be valid if signed by 2/3 of the Polygon Validators.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    DepositManager 0x401F…188bImplementation (Upgradable)

    Contract used to deposit ETH, ERC20 or ERC721 tokens. This contract stores the following tokens: MATIC, DAI.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    WithdrawManager 0x2A88…5922Implementation (Upgradable)

    Contract handling users’ withdrawal finalization.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    ERC20PredicateBurnOnly 0x158d…Ce95

    Contract used to initiate ERC20 token withdrawals. The function to handle Plasma proofs is empty, meaning exits cannot be challenged.

    ERC721PredicateBurnOnly 0x5415…F49B

    Contract used to initiate ERC721 token withdrawals. The function to handle Plasma proofs is empty, meaning exits cannot be challenged.

    Registry 0x33a0…cA71

    Contract maintaining the addresses of the contracts used in the system.

    StakeManager 0x5e3E…D908Implementation (Upgradable)Extension (Upgradable)

    Contract managing the staker network and that checks checkpoints signatures.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Governance 0x6e7a…CE48Implementation (Upgradable)

    Contract used to manage permissions in the system. It consists of a single owner: the PolygonMultisig.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    EventsHub 0x6dF5…086bImplementation (Upgradable)

    Contains events used by other contracts.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    StakingInfo 0xa59C…512B

    Contains logging and getter functions regarding the staking network.

    ValidatorShareFactory 0xc4FA…b642

    Contract used to create ValidatorShare contracts.

    ValidatorShare 0xf988…AB31

    Contract used to delegate to a validator.

    ExitNFT 0xDF74…BAca

    NFTs used to represent an exit.

    SlashingManager 0x01F6…C96A

    The source code of this contract is not verified on Etherscan.

    ChildChain 0xD9c7…4861

    The source code of this contract is not verified on Etherscan.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades.

    • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).

    If you find something wrong on this page you can submit an issue or edit the information