Is Polygon safu? Critics: Multisig isn’t secure enough, $5B in jeopardy
A debate around the safety of the Polygon network is on the rise. Critics accuse the Polygon network to be insecure and centralized. Polygon is aware multisigs are not ideal and is planning to remove them.
Polygon is perhaps the most popular alternative to transacting directly on the Ethereum baselayer (L1), giving users the opportunity to do fast transactions with low fees. Polygon (MATIC) is best known as a so-called side-chain to Ethereum, i.e. an Ethereum Virtual Machine (EVM) compatible blockchain running its own set of validator nodes. However, the Polygon team has also invested heavily in pure Layer-2 technology, and provides services such as the zk-STARKs based Miden scaling solution.
Of course, with success comes the responsibility to safeguard all the funds that users are pouring into the network. In a tweet thread, Justin Bons, Founder & CIO of Cyber Capital, accuses the Polygon team of employing lax security measures, primarily around the Polygon smart contract multisig contract which controls the Polygon smart contract admin key. This key, in turn, controls over $5 billion of funds, according to Bons.
1/14) Polygon in its current state is insecure & centralized!
It would only take 5 people to compromise over $5B!
4 of those people are the founders of Poly!
This is one of the largest hacks or exit scams just waiting to happen
Reckless & irresponsible, a warning to the wise:
— Justin Bons (@Justin_Bons) February 12, 2022
“Polygon in its current state is insecure and centralized! It would only take five people to compromise over $5 billion! Four of those people are the founders of Polygon! This is one of the largest hacks or exit scams just waiting to happen,” Bons tweets
“The Polygon team can gain complete control over Polygon”
“The Polygon smart contract admin key is controlled by a five out of eight multi-signature contract. This means that the Polygon [team] can gain complete control over Polygon with only one of the four outside parties conspiring. The other four parties in the multisig were also selected by Polygon,” Bons continues.
According to Bons, this also means that these four other parties “are not exactly impartial.” Control over the contract admin key equals the power to change the rules. At which point “anything becomes possible.” Including emptying out the entire Polygon contract.
Some critique is also pointed at Polygon’s alleged lack of transparency. This is not the first time Polygon’s alleged opaqueness is on the table. Chris Blec at DeFi Watch previously sent a request to the Polygon team asking for clarity. According to both Bons and Blec, Polygon did not answer Blec’s request.
However, the Polygon team is not all silent on the matter as questions of this type have arisen before. The team has previously published a multisig transparency report to bring clarity to the matter. In a response to Bons’ tweet, Mihailo Bjelic, co-founder of Polygon, indirectly confirms the multisig worries as Polygon is “working towards removing them”. The multisig was implemented at an “early phase” and is apparently not an ideal solution as the system grows.
1/9 The usage of multisigs has been addressed many times. Mainly for the sake of newcomers, let's cover the key points once again.
TL;DR: Multisigs are used to increase security, not to decrease it. Polygon is responsibly using them, and we are working towards removing them. https://t.co/vSlSQUaRmX
— Mihailo Bjelic (@MihailoBjelic) February 14, 2022
“They [multisigs] are considered the optimal approach to secure user funds in the early phases of development and are used by almost every scaling and bridging project.”
Bjelic points to the transparency report detailing the “plan to improve and eventually remove multisigs.” Bjelic then addresses some of the points in Bons’ tweet.
“Exit scam is not a realistic concern for Polygon”
According to BjelicI, an exit scam is not a realistic concern for Polygon; multisigs are used to protect users from hacks, and Polygon is using the multisig the way it does because they are being responsible, contrary to the accusations.
As per Bons’ critique, a five out of eight multisig is “wholefully insufficient” for protecting as much as $5 billion of funds, and that four of those eight multisigs were “given” to outside parties selected by Polygon. To Bons, this may constitute a risk of collusion.
According to BjelicI, however, the outside parties are “reputable Ethereum/Polygon projects and were not selected by Polygon, they decided to participate.”
“The more signers, the harder it is to coordinate them in case an immediate reaction is required. We are trying to find the right balance here; we already have more signers than most of the other scaling projects,” BjelicI replies.
Here’s what Polygon should do
In his tweets, Bons also shares some advice with the Polygon team.
In Bons’ opinion, Polygon has to decentralize their own governance based on the Matic token holders. Currently, this is still far too centralized following a DPoS (Delegated Proof of Stake) model with a low number of validators. According to data from the Polygon block explorer Plygonscan, only four validators mined a majority of the blocks the past seven days.
Once Polygon has decentralized their governance. They will have to transfer the smart contract admin key to the Matic token holders, Bons suggests. Effectively turning control over to the “Matic DAO”. This would most likely require a migration over to a new Polygon Smart contract.
“This would obviously be very difficult and costly to do. However, that is the price to pay for not doing things right, to begin with. It is the price we pay for decentralization and the security that comes along with that. This is what cryptocurrency should be all about,” Bons tweets.
In his reply, BjelicI says that the suggested solution “is definitely our goal, as described in the transparency report. However, this will increase the reaction time in case of a bug, so it will be implemented and activated gradually.”
CryptoSlate has reached out to Polygon for comments, but received no answers at the time of writing. Some of the quotes have been edited for clarity.