Search

Search for projects by name

L2BEAT Bridges is a work in progress. You might find incomplete research or inconsistent naming. Join our Discord to suggest improvements!

Polygon PoS logoPolygon PoS

There are implementation changes and part of the information might be outdated.

About

Polygon PoS it the official bridge provided by the Polygon team to bridge assets from Ethereum to Polygon chain. The bridge is validated by Polygon validators and allows for asset as well as data movement between Polygon and Ethereum.


  • Total value locked
  • Destination
    Polygon
  • Validated by
    Destination Chain
  • Type
    Token Bridge

  • About

    Polygon PoS it the official bridge provided by the Polygon team to bridge assets from Ethereum to Polygon chain. The bridge is validated by Polygon validators and allows for asset as well as data movement between Polygon and Ethereum.


    Value Locked
    Risk summary
    This project includes unverified contracts. (CRITICAL)
    Technology

    Principle of operation

    This is a very typical Token Bridge that locks tokens in the escrow contracts on Ethereum and mints tokens on the Polygon network. When bridging back to Ethereum tokens are burned on Polygon and then released from the escrow on Ethereum.

    Outbound transfers are externally verified, inbound require merkle proof

    Note: This section requires more research and might not present accurate information.

    Validators on the Polygon network watch for events on Ethereum, and when they see that tokens have been locked they mint new tokens on Polygon. Around every 30 minutes validators submit new Polygon state checkpoints to the Ethereum smart contracts. To withdraw tokens, users need to present a merkle proof of a burn event that is verified against the checkpoints.

    • Users can be censored if validators on Polygon decide to not mint tokens after observing an event on Ethereum.

    • Funds can be stolen if validators decide to mint more tokens than there are locked on Ethereum thus preventing some existing holders from being able to bring their funds back to Ethereum.

    • Funds can be stolen if validators submit a fraudulent checkpoint allowing themselves to withdraw all locked funds.

    Destination tokens are upgradeable

    Note: This section requires more research and might not present accurate information.

    Tokens transferred end up as wrapped ERC20 proxies, some of them are upgradable. The contract is named UChildERC20Proxy.

    • Funds can be stolen if destination token contract is maliciously upgraded.

    Permissions

    The system uses the following set of permissioned addresses:

    PolygonMultisig 0xFa7D…b74c

    This is a Gnosis Safe with 5 / 9 threshold. Can propose and execute code upgrades.

    Those are the participants of the PolygonMultisig.

    Smart contracts
    Note: Contracts presented in this section had their implementations updated since the last time our team looked at this project. The information presented may be inaccurate.
    A diagram of the smart contract architecture
    A diagram of the smart contract architecture

    The system consists of the following smart contracts on the host chain (Ethereum):

    Contract storing Polygon PoS chain checkpoints. Note that validity of these checkpoints is not verified, it is assumed to be valid if signed by 2/3 of the Polygon Validators.

    Can be upgraded by:

    Upgrade delay: No delay

    StateSender 0x28e4…bFbE

    Smart contract allowing whitelisted addresses to send messages to contracts on Polygon PoS chain.

    StakingInfo 0xa59C…512B

    Contains logging and getter functions about staking on Polygon.

    SlashingManager 0x01F6…C96A

    A contract priviliged to slash validators in StakeManager via slash() method. The source code of this contract is not verified on Etherscan.

    Can be upgraded by:

    Upgrade delay: No delay

    Registry 0x33a0…cA71

    Maintains the addresses of the contracts used in the system.

    StateSender 0x28e4…bFbE

    Smart contract containing the logic for syncing the state of registered bridges to the other chain.

    Contract to deposit and escrow ETH, ERC20 or ERC721 tokens. Currently only used for POL. This contract can store any token.

    Can be upgraded by:

    Upgrade delay: No delay

    ERC20PredicateBurnOnly 0x626f…C966

    Contract used to initiate ERC20 token withdrawals. The function to handle Plasma proofs is empty, meaning exits cannot be challenged.

    ERC721PredicateBurnOnly 0x36C2…1d1b

    Contract used to initiate ERC721 token withdrawals. The function to handle Plasma proofs is empty, meaning exits cannot be challenged.

    Contains events used by other contracts in the system.

    Can be upgraded by:

    Upgrade delay: No delay

    NFTs used to represent a withdrawal in the withdrawal PriorityQueue (Only used for tokens initially deposited via DepositManager).

    Timelock 0xCaf0…8cEf

    Contract enforcing delay on code upgrades. The current delay is 0s.

    There are implementation changes and part of the information might be outdated.

    Main configuration contract to manage tokens, token types, escrows (predicates) for given token types. It also serves as an entry point for deposits and withdrawals effectively acting as a token router.

    Can be upgraded by:

    Upgrade delay: No delay

    Main configuration contract to manage stakers and their voting power and validate checkpoint signatures.

    Can be upgraded by:

    Upgrade delay: No delay

    Contract handling users’ withdrawal finalization for tokens escrowed in DepositManager.

    Can be upgraded by:

    Upgrade delay: No delay

    Value Locked is calculated based on these smart contracts and tokens:

    Can be upgraded by:

    Upgrade delay: No delay

    Can be upgraded by:

    Upgrade delay: No delay

    Can be upgraded by:

    Upgrade delay: No delay

    Generic escrow 0x21ad…D3E4
    Can be upgraded by:

    Upgrade delay: No delay

    Can be upgraded by:

    Upgrade delay: No delay

    Escrow for ETH 0xa45b…DDe8

    The current deployment carries some associated risks:

    • Funds can be stolen if a contract receives a malicious code upgrade. There is no delay on code upgrades (CRITICAL).

    • Funds can be stolen if the source code of unverified contracts contains malicious code (CRITICAL).

    Knowledge Nuggets