Polygon, a prominent Ethereum scaling solution, is facing scrutiny over the security of its core infrastructure, particularly its multisignature (multisig) contract that controls a significant portion of the network’s assets. The debate, ignited by prominent figures in the cryptocurrency space, centers on whether the current security measures are adequate to protect the estimated $5 billion in funds entrusted to the Polygon network.
At its core, Polygon is recognized for its ability to offer fast and low-fee transactions, acting as a "side-chain" to the Ethereum mainnet. This Ethereum Virtual Machine (EVM) compatible blockchain operates with its own set of validator nodes. Beyond its side-chain capabilities, the Polygon team has also made substantial investments in pure Layer-2 scaling technologies, including solutions like the zk-STARKs-based Miden scaling solution, signaling a commitment to broader blockchain scalability. However, with this growing prominence and the substantial value it attracts, the responsibility to safeguard user funds has become a focal point of discussion.
The controversy began to surface publicly when Justin Bons, Founder & CIO of Cyber Capital, articulated his concerns in a series of tweets. Bons asserted that Polygon, in its current state, is both insecure and centralized. His primary critique targets the multisig contract that governs the Polygon smart contract admin key. According to Bons’s calculations, this key holds sway over an estimated $5 billion in funds.
The Multisig Mechanism and Centralization Concerns
Bons’s detailed analysis highlights a specific point of contention: the composition and threshold of the multisig contract. He stated, "The Polygon smart contract admin key is controlled by a five out of eight multi-signature contract." This configuration implies that a minimum of five out of eight designated individuals or entities must approve a transaction for it to be executed. Bons’s concern is that "it would only take five people to compromise over $5 billion! Four of those people are the founders of Poly!" This concentration of control among a small group, particularly founders, raises alarms about the potential for collusion or undue influence.
The implication of this multisig setup, as articulated by Bons, is that "the Polygon [team] can gain complete control over Polygon with only one of the four outside parties conspiring." He further elaborated that the other four parties involved in the multisig were also selected by Polygon. This selection process, according to Bons, means these parties are "not exactly impartial," further exacerbating concerns about genuine decentralization and security. The power vested in the contract admin key is significant, granting the ability to alter network rules, which, in Bons’s view, opens the door to a wide range of potential vulnerabilities, including the possibility of draining the entire Polygon contract.
Allegations of Opacity and Lack of Transparency
Adding to the security debate are accusations of a lack of transparency surrounding Polygon’s operations. This is not the first instance where Polygon’s perceived opaqueness has been called into question. Chris Blec, a figure associated with DeFi Watch, had previously sent a formal request to the Polygon team seeking clarification on certain aspects of their operations. According to both Bons and Blec, Polygon did not provide a satisfactory response to Blec’s request, fueling further skepticism among critics.
Polygon’s Defense and Roadmap for Improvement
The Polygon team, however, has not remained entirely silent in the face of these criticisms. Questions regarding their security measures, particularly the use of multisigs, have been addressed in the past. In an effort to foster greater clarity, the team had previously published a multisig transparency report.
Responding indirectly to Justin Bons’s tweet thread, Mihailo Bjelic, co-founder of Polygon, acknowledged the validity of some concerns surrounding the multisig setup. Bjelic confirmed that Polygon is actively "working towards removing them," indicating that the multisig was a necessary measure implemented during an "early phase" of development and is not considered an ideal long-term solution as the ecosystem matures.
In a series of tweets, Bjelic elaborated on the rationale behind the multisig implementation. He stated, "The usage of multisigs has been addressed many times. Mainly for the sake of newcomers, let’s cover the key points once again. TL;DR: Multisigs are used to increase security, not to decrease it. Polygon is responsibly using them, and we are working towards removing them." He further explained that multisigs are "considered the optimal approach to secure user funds in the early phases of development and are used by almost every scaling and bridging project."
Bjelic pointed to the existing transparency report, which outlines a "plan to improve and eventually remove multisigs." He directly addressed some of Bons’s specific criticisms, particularly the notion of an "exit scam." Bjelic asserted that an "exit scam is not a realistic concern for Polygon." He reiterated that multisigs are employed to protect users from external hacks, and that Polygon’s current usage is a demonstration of responsible stewardship, contrary to the accusations of recklessness.
Regarding the composition of the multisig, Bons had criticized the five-out-of-eight setup as "wholly insufficient" for safeguarding $5 billion and pointed out that four of the eight multisig signers were chosen by Polygon, raising concerns about collusion. Bjelic countered this by stating that the outside parties are "reputable Ethereum/Polygon projects and were not selected by Polygon, they decided to participate." He also addressed the challenge of coordinating a large number of signers, noting, "The more signers, the harder it is to coordinate them in case an immediate reaction is required. We are trying to find the right balance here; we already have more signers than most of the other scaling projects."
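The threshold arithmetic behind Bons's five-of-eight claim and the coordination trade-off Bjelic describes can be checked directly. The following is an added example, not code from Polygon or from either party; the signer labels (F1..F4, E1..E4), the `ThresholdPolicy` class and the 6-of-8 comparison are assumptions made for illustration.

```python
from itertools import combinations


class ThresholdPolicy:
    """k-of-n signing policy with each signer tagged by bloc (labels are constructed)."""

    def __init__(self, threshold, signers):
        if not 1 <= threshold <= len(signers):
            raise ValueError("threshold must be between 1 and the number of signers")
        self.threshold = threshold
        self.signers = dict(signers)  # signer id -> bloc label

    def bloc_size(self, bloc):
        return sum(1 for b in self.signers.values() if b == bloc)

    def outsiders_needed(self, bloc):
        """Co-signers from outside `bloc` required before the bloc reaches quorum."""
        return max(0, self.threshold - self.bloc_size(bloc))

    def veto_size(self):
        """Number of refusing or unreachable signers that stops every action."""
        return len(self.signers) - self.threshold + 1

    def quorums_by_bloc_count(self, bloc):
        """Map: members of `bloc` in a minimal quorum -> number of such quorums."""
        counts = {}
        for quorum in combinations(self.signers, self.threshold):
            inside = sum(1 for s in quorum if self.signers[s] == bloc)
            counts[inside] = counts.get(inside, 0) + 1
        return counts


def build(threshold, founders, externals):
    """Build a policy from bloc sizes using constructed signer ids."""
    signers = {f"F{i}": "founder" for i in range(1, founders + 1)}
    signers.update({f"E{i}": "external" for i in range(1, externals + 1)})
    return ThresholdPolicy(threshold, signers)


# Configuration as Bons describes it: 5-of-8, four founders, four outside parties.
current = build(5, 4, 4)
# Hypothetical alternative, for comparison only (not proposed on the page).
stricter = build(6, 4, 4)

if __name__ == "__main__":
    for name, policy in (("5-of-8", current), ("6-of-8", stricter)):
        print(name,
              "| outsiders needed by founders:", policy.outsiders_needed("founder"),
              "| veto size:", policy.veto_size(),
              "| quorums by founder count:", policy.quorums_by_bloc_count("founder"))
```

Raising the threshold from five to six doubles the number of outside co-signers the founder bloc needs, but lowers the number of unreachable signers that halts every action from four to three, which is the balance between collusion resistance and reaction time that the two sides are arguing over.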
Recommendations for Enhanced Decentralization and Security
Justin Bons also offered concrete recommendations for the Polygon team to address the perceived vulnerabilities. A key suggestion was for Polygon to decentralize its governance structure, moving away from its current Delegated Proof of Stake (DPoS) model, which he argued still has too few validators. Data from Polygonscan, the network’s block explorer, indicates that in the seven days preceding the article’s publication, only four validators mined a majority of the blocks, underscoring Bons’s point about limited validator participation.
Bons proposed that once governance is sufficiently decentralized, the smart contract admin key should be transferred to MATIC token holders. This would effectively place control in the hands of a "MATIC DAO" (Decentralized Autonomous Organization). He acknowledged that this process would likely necessitate a migration to a new Polygon smart contract and would be a complex and costly undertaking. However, he framed it as a necessary price for achieving true decentralization and security, aligning with the core principles of cryptocurrency.
Mihailo Bjelic responded to this recommendation, stating that such a decentralized governance model "is definitely our goal, as described in the transparency report." However, he cautioned that a fully decentralized governance structure could increase reaction times in the event of a bug or emergency. Therefore, he indicated that this transition would be implemented and activated "gradually."
Broader Implications for the Scalability Sector
The debate surrounding Polygon’s multisig security has wider implications for the broader cryptocurrency scaling sector. As Layer-2 solutions and side-chains become increasingly critical for the adoption of blockchain technology, the security of their underlying infrastructure is paramount. The concerns raised by critics like Justin Bons highlight a fundamental tension in the development of these technologies: the need for efficient governance and rapid decision-making in early stages versus the long-term imperative of decentralization and robust security.
The presence of a multisig contract, especially one controlling substantial assets, introduces a single point of failure or a potential vector for attack if compromised. While multisigs are a common practice in the industry for managing funds and upgrades during nascent development phases, the scale of assets controlled by Polygon’s multisig has amplified these concerns. The reliance on a small group of trusted individuals or entities, even if reputable, inherently carries risks that are antithetical to the decentralized ethos of blockchain.
The response from Polygon, acknowledging the need to eventually remove multisigs and transition to more decentralized governance, demonstrates a commitment to addressing these criticisms. However, the timeline and the gradual nature of this transition suggest that users will need to continue to place a degree of trust in the current system. The dialogue initiated by critics serves as a crucial catalyst for transparency and accountability within the rapidly evolving Layer-2 landscape. As more value and users migrate to these scaling solutions, the demand for verifiable security and true decentralization will only intensify. The ongoing discussions around Polygon’s security are indicative of a maturing ecosystem grappling with the complexities of balancing innovation with the foundational principles of trustlessness and security.
The crypto community will be closely watching Polygon’s progress in implementing its roadmap for enhanced decentralization and the eventual removal of the multisig controls. The success of these efforts will not only impact Polygon’s reputation but also set a precedent for other scaling solutions striving to build secure and decentralized infrastructure for the future of blockchain.








