Search

Search for projects by name

SummaryValue SecuredActivityOnchain costsLivenessMilestones & IncidentsRisk summaryRisk analysisRollup stageData availabilityState derivationState validationOperatorWithdrawalsOther considerationsUpgrades & GovernancePermissionsSmart contracts

Polygon zkEVM logoPolygon zkEVM

Badges

About

Polygon zkEVM is an EVM-compatible ZK Rollup built by Polygon Labs.

Value secured
$26.22 M13.6%
Canonically Bridged
$23.69 M
Natively Minted
$1.92 M
Externally Bridged
$608.05 K
View TVS Breakdown
  • Tokens
  • Past day UOPS
    0.0612.1%
  • 30D ops count
    153.43 K
  • Gas token
    ETH
  • Stage
  • Type
    ZK Rollup
  • Purpose
    Universal
    • Sequencer failureState validationData availabilityExit windowProposer failure
    Explore more in Discovery UI

    Badges

    About

    Polygon zkEVM is an EVM-compatible ZK Rollup built by Polygon Labs.

    Value Secured

    2024 May 24 — 2025 May 24

    Total value securedTotal
    $26.22 M13.6%
    Canonically BridgedCanonically Bridged ValueCanonical
    $23.69 M14.8%
    Natively MintedNatively Minted TokensNative
    $1.92 M0.85%
    Externally BridgedExternally Bridged ValueExternal
    $608.05 K0.01%
    View TVS breakdown
    Activity

    2024 May 24 — 2025 May 23

    Onchain costs

    The section shows the operating costs that L2s pay to Ethereum.

    2024 May 24 — 2025 May 23

    1 year total cost
    $1.47 M
    Avg cost per L2 UOP
    $0.321288
    Liveness

    The chart illustrates how "live" the project's operators are by displaying how frequently they submit transactions of the selected type and if these intervals deviate from their typical schedule.

    2025 Apr 24 — May 24

    30D avg. tx data subs. interval
    28 minutes
    30D avg. proof subs. interval
    10 minutes
    30D avg. state updates interval
    10 minutes
    Past 30 days anomalies
    Milestones & Incidents

    Polygon zkEVM Etrog upgrade

    2024 Feb 13th

    Polygon zkEVM is upgraded to the Polygon Etrog version.

    Learn more

    Polygon zkEVM Mainnet Beta is Live

    2023 Mar 27th

    Polygon zkEVM public beta launched.

    Learn more
    Risk summary
    The forced transaction mechanism is currently disabled.

    Funds can be lost if

    1. the accounting proof system for the bridge (pessimistic proofs, SP1) is implemented incorrectly,
    2. the proof system is implemented incorrectly.

    Funds can be frozen if

    1. the sequencer refuses to include an exit transaction (CRITICAL).

    Users can be censored if

    1. the operator refuses to include their transactions.

    MEV can be extracted if

    1. the operator exploits their centralized position and frontruns user transactions.
    Risk analysis
    The forced transaction mechanism is currently disabled.
    Sequencer failureState validationData availabilityExit windowProposer failure
    Sequencer failure
    No mechanism

    There is no mechanism to have transactions be included if the sequencer is down or censoring. Although the functionality exists in the code, it is currently disabled.

    State validation
    ZK proofs (ST, SN)

    STARKs and SNARKs are zero knowledge proofs that ensure state correctness. STARKs proofs are wrapped in SNARKs proofs for efficiency. SNARKs require a trusted setup.

    Data availability
    Onchain

    All of the data needed for proof construction is published on Ethereum L1. Unlike most ZK rollups transactions are posted instead of state diffs.

    Exit window
    None
    The Security Council can remove the delay on upgrades.

    Even though there is a 3d Timelock for upgrades, forced transactions are disabled.

    Proposer failure
    Cannot withdraw

    Only the whitelisted proposers can publish state roots on L1, so in the event of failure the withdrawals are frozen.

    Rollup stagePolygon zkEVMPolygon zkEVM is a
    Stage 0
    ZK Rollup.

    Learn more about Rollup stages
    Please keep in mind that these stages do not reflect rollup security, this is an opinionated assessment of rollup maturity based on subjective criteria, created with a goal of incentivizing projects to push toward better decentralization. Each team may have taken different paths to achieve this goal.
    Data availability

    All transaction data is recorded on chain

    All executed transactions are submitted to an on chain smart contract. The execution of the rollup is based entirely on the submitted transactions, so anyone monitoring the contract can know the correct state of the rollup chain.

    1. PolygonZkEVM.sol - Etherscan source code, sequenceBatches() function
    Learn more about the DA layer here: Ethereum logoEthereum
    State derivation
    Node software

    Node software can be found here and here. The cdk-erigon node is the more recent implementation.

    Compression scheme

    No compression scheme is used.

    Genesis state

    The genesis state, whose corresponding root is accessible as Batch 0 root in the _legacyBatchNumToStateRoot variable of PolygonRollupManager, is available here.

    Data format

    The trusted sequencer batches transactions according to the specifications documented here.

    State validation

    Each update to the system state must be accompanied by a ZK proof that ensures that the new state was derived by correctly applying a series of valid user transactions to the previous state. These proofs are then verified on Ethereum by a smart contract.

    Prover Architecture

    Polygon zkEVM proof system PIL-STARK can be found here.

    ZK Circuits

    Polygon zkEVM circuits are built from PIL (polynomial identity language) and are designed to replicate the behavior of the EVM. The source code can be found here.

    • Funds can be lost if the proof system is implemented incorrectly.

    Verification Keys Generation

    SNARK verification keys can be generated and checked against the Ethereum verifier contract using this guide. The system requires a trusted setup.

    Pessimistic Proofs

    The pessimistic proofs that are used to prove correct accounting in the shared bridge are using the SP1 zkVM by Succinct.

    Operator

    The system has a centralized sequencer

    Only a trusted sequencer is allowed to submit transaction batches. A mechanism for users to submit their own batches is currently disabled.

    • MEV can be extracted if the operator exploits their centralized position and frontruns user transactions.

    • Funds can be frozen if the sequencer refuses to include an exit transaction (CRITICAL).

    1. PolygonZkEVM.sol - source code, onlyTrustedSequencer modifier

    Users can't force any transaction

    The mechanism for allowing users to submit their own transactions is currently disabled.

    • Users can be censored if the operator refuses to include their transactions.

    1. PolygonZkEVM.sol - source code, forceBatchAddress address
    Withdrawals

    Regular messaging

    The user initiates L2->L1 messages by submitting a regular transaction on this chain. When the block containing that transaction is settled, the message becomes available for processing on L1. ZK proofs are required to settle blocks.

    1. PolygonSharedBridge.sol - source code, claimAsset function
    Other considerations

    Shared bridge and Pessimistic Proofs

    Polygon Agglayer uses a shared bridge escrow for Rollups, Validiums and external chains that opt in to participate in interoperability. Each participating chain needs to provide zk proofs to access any assets in the shared bridge. In addition to the full execution proofs that are used for the state validation of Rollups and Validiums, accounting proofs over the bridges state (Polygon calls them ‘Pessimistic Proofs’) are used by external chains (‘cdk-sovereign’). Using the SP1 zkVM by Succinct, projects without a full proof system on Ethereum are able to share the bridge with the zkEVM Agglayer projects.

    • Funds can be lost if the accounting proof system for the bridge (pessimistic proofs, SP1) is implemented incorrectly.

    1. Pessimistic Proof - Polygon Knowledge Layer
    2. Etherscan: PolygonRollupManager.sol - verifyPessimisticTrustedAggregator() function
    Upgrades & Governance
    A diagram of the upgrades and governance
    A diagram of the upgrades and governance

    The regular upgrade process for all system contracts (shared and L2-specific) starts at the PolygonAdminMultisig. For the shared contracts, they schedule a transaction that targets the ProxyAdmin via the Timelock, wait for 3d and then execute the upgrade. An upgrade of the Layer 2 specific rollup- or validium contract requires first adding a new rollupType through the Timelock and the RollupManager (defining the new implementation and verifier contracts). Now that the rollupType is created, either the local admin or the PolygonAdminMultisig can immediately upgrade the local system contracts to it.

    The PolygonSecurityCouncil can expedite the upgrade process by declaring an emergency state. This state pauses both the shared bridge and the PolygonRollupManager and allows for instant upgrades through the timelock. Accordingly, instant upgrades for all system contracts are possible with the cooperation of the SecurityCouncil. The emergency state has been activated 1 time(s) since inception.

    Furthermore, the PolygonAdminMultisig is permissioned to manage the shared trusted aggregator (proposer and prover) for all participating Layer 2s, deactivate the emergency state, obsolete rolupTypes and manage operational parameters and fees in the PolygonRollupManager directly. The local admin of a specific Layer 2 can manage their chain by choosing the trusted sequencer, manage forced batches and set the data availability config. Creating new Layer 2s (of existing rollupType) is outsourced to the PolygonCreateRollupMultisig but can also be done by the PolygonAdminMultisig. Custom non-shared bridge escrows have their custom upgrade admins listed in the permissions section.

    Permissions
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco

    Ethereum

    Roles:

    Sequencer 0x148E…2800

    Allowed to commit transactions from the current layer to the host chain.

    Trusted Aggregator (Proposer) (2) 0x20A5…51dE0x6329…f7ab

    Permissioned to post new state roots and global exit roots accompanied by ZK proofs.

    Actors:

    PolygonAdminMultisig 0x242d…3e21
    • A Multisig with 2/3 threshold.
    • Can upgrade with 3d delay
      • PolygonSharedBridge
        via - acting via Timelock with 3d delay (no delay if in emergency state) → SharedProxyAdmin
      • PolygonRollupManager
        via - acting via Timelock with 3d delay (no delay if in emergency state) → SharedProxyAdmin
      • PolygonGlobalExitRootV2
        via - acting via Timelock with 3d delay (no delay if in emergency state) → SharedProxyAdmin
    • Can interact with PolygonRollupManager
      • deploy new projects that use predefined rollup types (implementations) and connect them to the PolygonRollupManager
      • manage all access control roles, add new rollup types (which are implementation contracts that can then be upgraded to by connected projects), update any connected projects to new rollup types and rollback batches, connect existing rollups to the PolygonRollupManager with 3d delay
        via - acting via Timelock with 3d delay (no delay if in emergency state)
      • manage parameters like fees for all connected projects, set the trusted aggregator, stop the emergency state, update projects and obsolete rollup types
    • Can interact with Timelock
      • propose, cancel and execute transactions in the timelock, manage all access control roles and change the minimum delay with 6d delay or with 3d delay
        via - acting via Timelock with 3d delay (no delay if in emergency state) with 3d delay (no delay if in emergency state) - or - acting directly with 3d delay (no delay if in emergency state)

    Participants (3):

    0x4c16…88910xA0B0…f2270xEad7…9dB2
    Used in:
    PolygonSecurityCouncil 0x37c5…Dcb6
    • A Multisig with 6/8 threshold.
    • Can interact with PolygonRollupManager
      • activate the emergency state in the PolygonRollupManager and in the shared bridge immediately, effectively pausing all projects connected to them and making system contracts instantly upgradable

    Participants (8):

    0xFe45…2e4b0xaF46…261D0xBDc2…FEFf0x4c16…88910x3ab9…D6220x49c1…0E860x9F7d…86A00x2188…1C28
    Used in:
    PolygonCreateRollupMultisig 0xC74e…79dB
    • A Multisig with 3/8 threshold.
    • Can interact with PolygonRollupManager
      • deploy new projects that use predefined rollup types (implementations) and connect them to the PolygonRollupManager

    Participants (8):

    0x3038…D3b50xa439…AE310xD947…fCFC0xCE27…AaAc0x0B84…Ca770x0185…22A60x7316…44960xC8aa…39e9
    Used in:
    Polygon zkEVM Multisig 0xf694…E904
    • A Multisig with 5/10 threshold.
    • Can upgrade with no delay
      • daiBridge
      • usdcBridge
      • wstETHBridge

    Participants (10):

    0x0991…42c30xb771…6ab50xD099…48D40xc459…5D1D0xE6Ee…d43a0xd1B8…52240xF53D…065F0xf56A…7F8f0x4DE4…44ed0x4E83…032E
    Smart contracts
    A dashboard to explore contracts and permissions
    Go to Disco
    Disco UI Banner
    Disco UI BannerExplore in Disco
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    Ethereum

    PolygonZkEVM 0x519E…0987Implementation (Upgradable)Admin

    The main system contract defining the polygon zkEVM Layer 2 logic. Entry point for sequencing batches.

    • Roles:
      • trustedSequencer: EOA 1
    Verifier 0xc521…2883

    Verifies ZK proofs for state roots of this Layer 2 via the PolygonRollupManager.

    PolygonSharedBridge 0x2a3D…2EDeImplementation (Upgradable)Admin

    The shared bridge contract, escrowing user funds sent to Layer 2s perticipating in the AggLayer. It is mirrored on each L2 and can be used to transfer both ERC20 assets and arbitrary messages.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
    • This contract can store any token.
    Can be upgraded by:
    PolygonAdminMultisig with 3d delay
    Proxy used in:
    PolygonRollupManager 0x5132…7aB2Implementation (Upgradable)Admin

    The central shared managing contract for Layer 2s on the Polygon AggLayer. This contract receives L2 state roots as well as ZK proofs. All connected Layer 2s can be globally paused by activating the ‘Emergency State’. This can be done by the PolygonSecurityCouncil or by anyone after 1 week of inactive verifiers.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
      • createRollup: PolygonAdminMultisig, PolygonCreateRollupMultisig
      • defaultAdmin: Timelock; ultimately PolygonAdminMultisig
      • emergencyCouncilAdmin: PolygonSecurityCouncil
      • trustedAggregator: EOA 2, EOA 3
      • tweakParameters: PolygonAdminMultisig
    Can be upgraded by:
    PolygonAdminMultisig with 3d delay
    Proxy used in:
    PolygonGlobalExitRootV2 0x580b…3CFbImplementation (Upgradable)Admin

    A merkle tree storage contract aggregating state roots of each participating Layer 2, thus creating a single global merkle root representing the global state of the AggLayer, the ‘global exit root’. The global exit root is synchronized to all connected Layer 2s to help with their interoperability.

    • Roles:
      • admin: SharedProxyAdmin; ultimately PolygonAdminMultisig
    Can be upgraded by:
    PolygonAdminMultisig with 3d delay
    Proxy used in:
    Timelock 0xEf14…A4EF

    A timelock with access control. In the case of an activated emergency state in the PolygonRollupManager, all transactions through this timelock are immediately executable. The current minimum delay is 3d.

    • Roles:
      • timelockAdmin: PolygonAdminMultisig (no delay if in emergency state), Timelock (no delay if in emergency state); ultimately PolygonAdminMultisig (no delay if in emergency state)
    Proxy used in:
    daiBridge 0x4A27…Db98Implementation (Upgradable)Admin

    Custom Bridge escrow for DAI bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    • Roles:
      • admin: Polygon zkEVM Multisig
    • This contract stores the following tokens: DAI, sDAI.
    Can be upgraded by:
    Polygon zkEVM Multisig with no delay
    usdcBridge 0x70E7…55eBImplementation (Upgradable)Admin

    Custom Bridge escrow for USDC bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    • Roles:
      • admin: Polygon zkEVM Multisig
    • This contract stores the following tokens: USDC.
    Can be upgraded by:
    Polygon zkEVM Multisig with no delay
    wstETHBridge 0xf0CD…2C01Implementation (Upgradable)Admin

    Custom Bridge escrow for wstETH bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    • Roles:
      • admin: Polygon zkEVM Multisig
    • This contract stores the following tokens: wstETH.
    Can be upgraded by:
    Polygon zkEVM Multisig with no delay
    SharedProxyAdmin 0x0F99…CC4A
    • Roles:
      • owner: Timelock
    Proxy used in:

    Value Secured is calculated based on these smart contracts and tokens:

    Generic escrow 0x2a3D…2EDeImplementation (Upgradable)Admin
    Proxy used in:
    Escrow for DAI, sDAI 0x4A27…Db98Implementation (Upgradable)Admin

    Custom Bridge escrow for DAI bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    Escrow for USDC 0x70E7…55eBImplementation (Upgradable)Admin

    Custom Bridge escrow for USDC bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    Escrow for wstETH 0xf0CD…2C01Implementation (Upgradable)Admin

    Custom Bridge escrow for wstETH bridged to PolygonZkEVM allowing for a custom L2 tokens contract.

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is a 3d delay on code upgrades unless upgrade is initiated by the PolygonSecurityCouncil in which case there is no delay.