L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our discord to suggest improvements!

Polygon PoS logoPolygon PoS

Polygon PoS it the official bridge provided by the Polygon team to bridge assets from Ethereum to Polygon chain. The bridge is validated by Polygon validators and allows for asset as well as data movement between Polygon and Ethereum.
  • Total value locked
    $2.74 B3.39%
  • Destination
    Polygon
  • Validated by
    Destination Chain
  • Type
    Token Bridge
  • ...

    Tokens

    Choose token

    Bridged Tokens (Top 15)

    Tether USD (USDT)
    Ether (ETH)
    Wrapped BTC (WBTC)
    USD Coin (USDC)
    Dai Stablecoin (DAI)
    SAND (SAND)
    Telcoin (TEL)
    PYR Token (PYR)
    PlayDapp Token (PLA)
    Wrapped liquid staked Ether 2.0 (wstETH)
    ChainLink Token (LINK)
    Aave Token (AAVE)
    Render Token (RNDR)
    Graph Token (GRT)
    Wootrade Network (WOO)
    Risk summary
    Technology

    Principle of operation

    This is a very typical Token Bridge that locks tokens in the escrow contracts on Ethereum and mints tokens on the Polygon network. When bridging back to Ethereum tokens are burned on Polygon and then released from the escrow on Ethereum.

    Outbound transfers are externally verified, inbound require merkle proof

    Note: This section requires more research and might not present accurate information.

    Validators on the Polygon network watch for events on Ethereum and when they see that tokens have been locked they mint new tokens on Polygon. Around every 30 minutes validators submit new Polygon state checkpoints to the Ethereum smart contracts. To withdraw tokens users need to present a merkle proof of a burn event that is verified against the checkpoints.

    • Users can be censored if validators on Polygon decide to not mint tokens after observing an event on Ethereum (CRITICAL).

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum (CRITICAL).

    • Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds (CRITICAL).

    Destination tokens are upgradeable

    Note: This section requires more research and might not present accurate information.

    Tokens transferred end up as wrapped ERC20 proxies, some of them are upgradable. The contract is named UChildERC20Proxy.

    • Funds can be stolen if destination token contract is maliciously upgraded (CRITICAL).

    Permissions

    The system uses the following set of permissioned addresses:

    PolygonMultisig 0xFa7D…b74c

    Can propose and execute code upgrades via Timelock contract. This is a Gnosis Safe with 5 / 9 threshold.

    Used in:

    Project icon

    Those are the participants of the PolygonMultisig.

    Smart contracts

    The system consists of the following smart contracts on the host chain (Ethereum):

    StateSender 0x28e4…bFbE

    Smart contract containing the logic for syncing the state of registered bridges.

    Implementation used in:

    Project icon

    Main contract to manage bridge tokens, deposits and withdrawals.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Contract storing Polygon sidechain checkpoints. Note that validity of these checkpoints is not verified, it is assumed to be valid if signed by 2/3 of the Polygon Validators.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Proxy used in:

    Project icon
    Timelock 0xCaf0…8cEf

    Contract enforcing delay on code upgrades. The current delay is 2d.

    Escrow contract for ETH. This contract stores the following tokens: ETH.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Escrow contract for ERC20 tokens. This contract can store any token.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Escrow contract for mintable ERC20 tokens.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    ERC20EscrowPredicate 0x21ad…D3E4

    Escrow contract for ERC20 tokens. This contract can store any token.

    ERC20MintBurnPredicate 0x436f…0cB5

    Escrow contract for ERC20 tokens that can be minted and burned.

    Escrow contract for ERC721 tokens.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Escrow contract for ERC1155 tokens.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Escrow contract for mintable ERC1155 tokens.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Escrow contract for ERC1155 tokens.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    UnstoppableDomainsPredicate 0x9325…F2b7Implementation (Upgradable)

    Escrow contract for Unstoppable Domains NFTs.

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Value Locked is calculated based on these smart contracts and tokens:

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Generic escrow 0x21ad…D3E4

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    Can be upgraded by: PolygonMultisig

    Upgrade delay: 2d

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is a 48 hours delay on code upgrades.

    Knowledge Nuggets