Polygon "Plasma"

Website	polygon.technology
App	wallet.polygon.technology
Explorer	polygonscan.com
Repository	github.com/maticnetwork
Social	@0xPolygon forum.polygon.technology r/0xPolygon facebook.com/0xPolygon.Technology 0xpolygon PolygonTV 0xpolygon

Description

Polygon Plasma is the official bridge provided by the Polygon team to bridge MATIC tokens from Ethereum to Polygon chain. Originally it was also used to bridge DAI, but now Polygon PoS bridge is recommended. Tokens are bridged to the same Polygon sidechain as if Polygon PoS bridge was used, the only difference is a required 7-day withdrawal delay. This delay was originally designed to allow users to challenge the withdrawal, however this functionality is not deployed.

If you find something wrong on this page you can submit an issue or edit the information.

Risk summary

Funds can be stolen if

validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL),
a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades.

Users can be censored if

validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).

Note: This project's overview requires more research and might not present accurate information. If you want to contribute you can edit the information on Github. Alternatively you contact the project team on Twitter and encourage them to contribute a PR.

Technology

Principle of operation

This is a very typical Token Bridge that locks tokens in the escrow contracts on Ethereum and mints tokens on the Polygon network. When bridging back to Ethereum tokens are burned on Polygon and then released from the escrow on Ethereum. The withdrawal process includes 7-day delay.

Outbound transfers are externally verified, inbound require merkle proof

Note: This section requires more research and might not present accurate information.

Validators on the Polygon network watch for events on Ethereum and when they see that tokens have been locked they mint new tokens on Polygon. Every 30 minutes validators submit new Polygon state checkpoints to the Ethereum smart contracts. To withdraw tokens users need to present a merkle proof of a burn event that is verified against the checkpoints.

Users can be censored if validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).
Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL).

Destination tokens

If MATIC ERC20 token is bridged, the native MATIC token is minted on Polygon sidechain.

Permissions

The system uses the following set of permissioned addresses:

Polygon MultiSig 0xFa7D…b74c

Can propose and execute code upgrades on escrows via Timelock contract.

MultiSig Participants 0x0D26…7b03 0x1aE0…8529 0x3941…e1b6 0x803B…8F25 0x8Eab…d602 0xA749…c3Cc 0xD0FD…3C9a 0xFb9a…489f 0xb771…6ab5

Participants of the 5/9 Polygon MultiSig.

Smart Contracts

The system consists of the following smart contracts:

Deposit Manager 0x401F…188b Implementation (Upgradable)Admin

Escrow contract for MATIC and DAI. This contract stores the following tokens: MATIC, DAI.

Withdraw Manager 0x2A88…5922 Implementation (Upgradable)Admin

Contract handling completion of user withdrawal requests after the 7-day delay.

ERC20PredicateBurnOnly 0x158d…Ce95

Contract allowing users to start the withdrawal process. It should also exit challenges, however with empty verifyDeprecation() method no challenges are supported.

The current deployment carries some associated risks:

Funds can be stolen if a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades.