Polygon PoS – L2BEAT

Website	polygon.technology
App	wallet.polygon.technology
Explorer	polygonscan.com
Repository	github.com/maticnetwork
Social	@0xPolygon forum.polygon.technology r/0xPolygon facebook.com/0xPolygon.Technology 0xpolygon PolygonTV 0xpolygon

Funds can be stolen if

validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL),
validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL),
destination token contract is maliciously upgraded (CRITICAL),
a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades.

Users can be censored if

validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).

Principle of operation

This is a very typical Token Bridge that locks tokens in the escrow contracts on Ethereum and mints tokens on the Polygon network. When bridging back to Ethereum tokens are burned on Polygon and then released from the escrow on Ethereum.

Outbound transfers are externally verified, inbound require merkle proof

Note: This section requires more research and might not present accurate information.

Validators on the Polygon network watch for events on Ethereum and when they see that tokens have been locked they mint new tokens on Polygon. Around every 30 minutes validators submit new Polygon state checkpoints to the Ethereum smart contracts. To withdraw tokens users need to present a merkle proof of a burn event that is verified against the checkpoints.

Users can be censored if validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).
Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).
Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL).

Destination tokens are upgradeable

Note: This section requires more research and might not present accurate information.

Tokens transferred end up as wrapped ERC20 proxies, some of them are upgradable. The contract is named UChildERC20Proxy.

Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).

Permissions

The system uses the following set of permissioned addresses:

PolygonMultisig 0xFa7D…b74c

Can propose and execute code upgrades via Timelock contract. This is a Gnosis Safe with 5 / 9 threshold.

PolygonMultisig participants 0xA749…c3Cc 0x1aE0…8529 0x0D26…7b03 0xD0FD…3C9a 0x3941…e1b6 0xb771…6ab5 0x803B…8F25 0x80D6…bF3a 0x8Eab…d602

Those are the participants of the PolygonMultisig.

Smart contracts

The system consists of the following smart contracts:

StateSender 0x28e4…bFbE

Smart contract containing the logic for syncing the state of registered bridges.

RootChainManager 0xA0c6…7C77 Implementation (Upgradable)

Main contract to manage bridge tokens, deposits and withdrawals.

Can be upgraded by: PolygonMultisig

Upgrade delay: 2d

RootChain 0x86E4…C287 Implementation (Upgradable)

Contract storing Polygon sidechain checkpoints. Note that validity of these checkpoints is not verified, it is assumed to be valid if signed by 2/3 of the Polygon Validators.

Can be upgraded by: PolygonMultisig

Upgrade delay: 2d

Timelock 0xCaf0…8cEf

Contract enforcing delay on code upgrades. The current delay is 2d.

EtherPredicate 0x8484…2B30 Implementation (Upgradable)

Escrow contract for ETH. This contract stores the following tokens: ETH.

Can be upgraded by: PolygonMultisig

Upgrade delay: 2d

ERC20Predicate 0x40ec…bbDf Implementation (Upgradable)

Escrow contract for ERC20 tokens. This contract can store any token.

Can be upgraded by: PolygonMultisig

Upgrade delay: 2d