The cryptocurrency landscape is constantly evolving, with new technologies and platforms emerging to address the scalability and cost limitations of established blockchains. Among these, Polygon (MATIC) has garnered significant attention as a leading solution for faster, cheaper transactions, often described as a "side-chain" to Ethereum. However, its rapid ascent has also brought heightened scrutiny, particularly concerning the security of the vast sums of capital entrusted to its network. Recent critiques have cast a shadow over Polygon’s security infrastructure, specifically targeting its reliance on a multi-signature (multisig) smart contract that reportedly controls over $5 billion in funds.
The controversy was brought to the forefront by Justin Bons, Founder & CIO of Cyber Capital, who, in a series of tweets on February 12, 2022, alleged that Polygon’s current setup is "insecure & centralized." Bons’ primary concern revolves around the Polygon smart contract admin key, which is governed by a five-out-of-eight multisignature contract. This arrangement, he argues, presents a significant risk, as it would only require a concerted effort from five individuals to potentially compromise a substantial portion of the network’s value. He further highlighted that four of these key holders are reportedly founders of Polygon, raising concerns about potential conflicts of interest and the possibility of collusion or an "exit scam."
Bons elaborated on the mechanism, stating, "The Polygon smart contract admin key is controlled by a five out of eight multi-signature contract. This means that the Polygon [team] can gain complete control over Polygon with only one of the four outside parties conspiring. The other four parties in the multisig were also selected by Polygon." This concentration of control, according to Bons, means that these external parties are "not exactly impartial." The implication is that control over the admin key grants the power to alter network rules, opening the door to unforeseen and potentially catastrophic actions, including the draining of all funds held within the Polygon contract.
This is not the first time Polygon’s operational transparency has been questioned. Chris Blec, associated with DeFi Watch, had previously submitted a formal request to the Polygon team seeking greater clarity on their security protocols. According to both Bons and Blec, Polygon had not provided a satisfactory response to these inquiries, further fueling the debate around the project’s openness.
In response to these mounting concerns and questions, the Polygon team, while not directly addressing every point in Bons’ initial tweet thread, has acknowledged the discussions and reaffirmed their commitment to security. Mihailo Bjelic, co-founder of Polygon, indirectly confirmed the underlying worries regarding multisigs in a tweet on February 14, 2022, stating that Polygon is "working towards removing them." Bjelic explained that multisigs were implemented during the "early phase" of development as a standard security measure for scaling and bridging solutions, and are not considered an ideal long-term solution as the ecosystem matures.
Bjelic’s broader response, disseminated across a series of tweets, aimed to provide a more comprehensive perspective on the use and future of multisigs within Polygon. He asserted that multisigs are employed to "increase security, not to decrease it," and that Polygon is "responsibly using them." He further emphasized that the team is actively working on phasing them out.
The Rationale Behind Multisignature Contracts
Multisignature wallets, or multisigs, are a fundamental security tool in the blockchain space. Unlike a standard wallet that requires a single private key to authorize a transaction, a multisig requires a predetermined number of keys (signatures) from a larger set of authorized keys to approve an action. This "M-of-N" system, where M is the number of required signatures and N is the total number of available keys, significantly enhances security by mitigating the risk of a single point of failure. For instance, a 3-of-5 multisig means that out of five authorized individuals, at least three must sign off on a transaction before it can be executed.

In the context of a blockchain protocol like Polygon, multisig contracts often govern critical administrative functions. These can include the ability to upgrade smart contracts, manage network parameters, or access reserve funds. The intention is to distribute control and prevent any single entity or small group from unilaterally making impactful decisions. However, the effectiveness and security of a multisig setup depend heavily on several factors: the number of participants, the selection process of those participants, and the degree of independence they possess.
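As an added illustration (not code from the article or from Polygon), a small Python model of the M-of-N rule and of the two questions a reviewer asks of any signer roster: how many non-affiliated signers the affiliated block needs in order to reach the threshold, and how many keys can be lost before the contract can no longer act. The roster, its names and affiliations are constructed placeholders; only the 5-of-8 threshold and the four affiliated signers are taken from the article.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Signer:
    name: str
    affiliated: bool  # True if the key is held by the project's own team


# Constructed, hypothetical roster: four affiliated keys plus four external
# keys, mirroring the 5-of-8 configuration described in the article.
ROSTER = [Signer(f"founder_{i}", True) for i in range(1, 5)] + \
         [Signer(f"partner_{c}", False) for c in "abcd"]
THRESHOLD = 5


def is_approved(threshold: int, roster: list[Signer], signatures: set[str]) -> bool:
    """M-of-N rule: execute only once `threshold` distinct authorized keys have signed.

    Signatures from keys not on the roster are ignored, and using a set means
    one key signing twice is still counted once.
    """
    authorized = {s.name for s in roster}
    return len(signatures & authorized) >= threshold


def outside_parties_needed(threshold: int, roster: list[Signer]) -> int:
    """Safety side: smallest number of non-affiliated signers the affiliated
    block must win over to reach the threshold (0 means it already can)."""
    affiliated = sum(1 for s in roster if s.affiliated)
    return max(0, threshold - affiliated)


def lost_keys_tolerated(threshold: int, roster: list[Signer]) -> int:
    """Availability side: keys that can be lost or unresponsive before the
    contract is stuck and cannot react to a bug or emergency at all."""
    return len(roster) - threshold


if __name__ == "__main__":
    print("outside parties needed:", outside_parties_needed(THRESHOLD, ROSTER))
    print("keys that may be lost:", lost_keys_tolerated(THRESHOLD, ROSTER))
```

Raising the threshold lowers the first number but also lowers the second, which is the coordination trade-off the article later quotes Bjelic describing.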
Polygon’s Defense and Future Plans
Addressing Bons’ specific critique about the five-out-of-eight multisig, Bjelic contended that an "exit scam is not a realistic concern for Polygon." He argued that the multisig’s purpose is to protect users from external hacks, and that Polygon’s implementation is a responsible measure, contrary to the accusations of recklessness.
Regarding the composition of the multisig, Bons had claimed that four of the eight signers were "given" to outside parties selected by Polygon, implying a lack of impartiality and a potential for collusion. Bjelic countered this by stating that the external parties involved are "reputable Ethereum/Polygon projects and were not selected by Polygon, they decided to participate." This assertion suggests a more organic and community-driven selection process for these external signers, although the specifics of how these "reputable projects" were approached and vetted were not detailed in his tweets.
Bjelic also addressed the concern about the number of signers. He explained that while a higher number of signers generally enhances decentralization, it can also impede the speed of critical actions, such as responding to bugs or emergencies. "The more signers, the harder it is to coordinate them in case an immediate reaction is required," he noted. "We are trying to find the right balance here; we already have more signers than most of the other scaling projects." This statement implicitly acknowledges the trade-off between decentralization and operational agility.
The Polygon co-founder pointed to a previously published multisig transparency report as evidence of the team’s proactive approach to addressing these concerns. This report, he indicated, outlines a "plan to improve and eventually remove multisigs." The strategy, as described by Bjelic, involves a gradual transition towards a more decentralized governance model.
Critic’s Recommendations for Enhanced Security and Decentralization
Justin Bons, in his critical analysis, did not merely identify vulnerabilities; he also proposed concrete steps for Polygon to enhance its security and decentralization. His primary recommendation was for Polygon to decentralize its governance structure by empowering its native token holders, specifically MATIC. Currently, Bons argues, the network operates under a Delegated Proof of Stake (DPoS) model with a limited number of validators, which he considers too centralized. Data from Polygonscan, the network’s block explorer, indicated that in the seven days preceding Bons’ critique, only four validators were responsible for mining a majority of the blocks. This concentration of validation power is a common concern in DPoS systems.
Bons’ proposed solution involves transferring the control of the smart contract admin key directly to MATIC token holders, effectively establishing a "Matic DAO" (Decentralized Autonomous Organization). This would necessitate a significant undertaking, likely involving a migration to a new Polygon smart contract.

"This would obviously be very difficult and costly to do," Bons conceded in his tweets. "However, that is the price to pay for not doing things right, to begin with. It is the price we pay for decentralization and the security that comes along with that. This is what cryptocurrency should be all about." His statement underscores the philosophical underpinnings of decentralized finance, where security and community control are paramount.
Mihailo Bjelic acknowledged the validity of Bons’ proposed direction, stating that decentralizing governance and transferring control to token holders is indeed "definitely our goal, as described in the transparency report." However, he reiterated the practical challenges, particularly concerning the potential impact on response times during critical events. He confirmed that the implementation would be a gradual process, ensuring that the network’s stability is not compromised.
Broader Implications for the Layer 2 Ecosystem
The debate surrounding Polygon’s multisig security has broader implications for the entire Layer 2 scaling solution ecosystem. As these platforms handle increasingly significant amounts of value, the trust placed in their security mechanisms becomes paramount. The concerns raised by critics like Justin Bons highlight a fundamental tension in the development of decentralized technologies: the balance between rapid deployment, operational efficiency, and robust decentralization.
Many Layer 2 solutions, including bridges and rollups, initially rely on multisig contracts or similar centralized control mechanisms to facilitate essential functions during their nascent stages. The challenge lies in transitioning these centralized elements to truly decentralized governance without introducing new vulnerabilities or compromising the network’s utility. The transparency report mentioned by Bjelic, and the team’s stated intention to gradually remove multisigs, represent a step in this direction. However, the specifics of the implementation, the criteria for selecting future decentralized governance participants, and the mechanisms for ensuring accountability will be crucial.
The cryptocurrency community often scrutinizes projects that hold large sums of user funds. Any perceived weakness in security or governance can lead to a loss of confidence, impacting token price and adoption. For Polygon, a platform that has achieved substantial popularity and processed billions of dollars in transactions, addressing these security concerns transparently and effectively is vital for its long-term sustainability and credibility.
The lack of immediate detailed comment from Polygon to CryptoSlate at the time of writing suggests that the platform may be carefully considering its public statements on such a sensitive issue. However, the dialogue initiated by critics and the subsequent responses from Polygon’s co-founder indicate an ongoing effort to navigate these complex security and decentralization challenges. The path forward for Polygon will likely involve a deliberate and phased approach to decentralizing control, a process that will be closely watched by developers, investors, and users across the blockchain space. The ultimate success of Polygon, and indeed many other Layer 2 solutions, may hinge on their ability to demonstrate a clear and verifiable commitment to decentralization and the security of user assets.