Polygon is probably the most popular alternative to trading directly on the Ethereum base layer (L1), giving users the opportunity to make transactions quickly with low fees. Polygon (MATIC) is best known as a sidechain of Ethereum, meaning a blockchain compatible with the Ethereum Virtual Machine (EVM) that operates its own set of validator nodes. However, the Polygon development team has also invested heavily in Layer-2 technology and provides services such as the zk-STARKs-based Miden scaling solution.
Of course, with success comes the responsibility of protecting all the funds that users hold on the network. In a recent series of tweets, Justin Bons, Founder and CEO of Cyber Capital, accused the Polygon development team of using lax security measures, mainly around the multisig, the administrative key control feature of the Polygon smart contract. According to Bons, it controls over $5 billion in user funds.
“Polygon is not secure and centralized right now! It would only take five people to compromise over 5 billion dollars! Four of those people are the founders of Polygon! This is one of the cases of a hack or the biggest scam just waiting to happen.”
What can the development team do with Polygon?
“The Polygon smart contract governance key is controlled by five of the eight multi-signature contracts (multisig). This means that the Polygon development team can gain complete control of the network, with only 1 out of 4 contracts being outside of the project's control. The other four parties in the multisig were also selected by Polygon.”
According to Bons, this also means that the other four parties are "not entirely fair". Control over the contract administration key is equivalent to the power to change the rules. Anything can happen, including deleting the entire Polygon contract.
Some criticism has also been directed at Polygon's alleged lack of transparency. This is not the first time Polygon has been accused of this issue. Chris Blec at DeFi Watch previously sent a request to the Polygon development team. However, Polygon did not respond to Blec's request.
The Polygon development team has been vocal about the lack of transparency. The team previously posted a report about the multisig to clarify the issue. In response to Bons' tweet, Mihailo Bjelic, co-founder of Polygon, indirectly confirmed concerns about the multisig, as Polygon is "working to eliminate them". Multisig is implemented in the “early stage” and is clearly not the ideal solution as the system grows.
“Multisig is considered the ultimate approach to protecting user funds in the early stages of development and is used by almost any scaling, bridging project.”
Bjelic also cited the transparency report, detailing a “plan to improve and eventually eliminate multisig,” which Bjelic later also explained in a tweet from Bons.
Scams affecting Polygon
According to Bjelic, fraud is not a real concern for Polygon; multisig is used to protect users from being hacked and Polygon is using multisig in this way, contrary to the allegations made by Bons.
According to Bons' criticism, five of the eight multisigs were "completely inadequate" to protect up to $5 billion, and four of those eight multisigs were "given" to other parties selected by Polygon. For Bons, this could pose a risk of collusion.
According to Bjelic, however, the other parties are Ethereum/Polygon “projects” that have a good reputation and were “not selected by Polygon, they decided to join”.
“The more people involved in establishing the signature, the harder it is to coordinate them in case an immediate response is needed. We're trying to find the right balance; and now have more participants than most other scaling projects,” Bjelic replied.
How should Polygon solve its problem?
In his tweet, Bons also shared some advice with the Polygon development team.
In Bons' opinion, Polygon must establish its own decentralized governance protocol, based on Matic token holders. For now, it is still too centered on a DPoS (Delegated Proof of Stake) model with a low number of validators. According to data from Polygonscan, only four validators have mined the majority of blocks in the last seven days.
Once Polygon has decentralized governance, they will have to pass on the smart contract governance key to Matic token holders, Bons suggested. This will most likely require a move to a new Polygon smart contract.
“This is obviously very difficult and expensive. However, the project didn't get it right from the start, and that's the price they pay for the decentralization and security that comes with it. This is what the cryptocurrency market should be aiming for,” Bons tweeted.
In his reply, Bjelic said that the proposed solution “is certainly the goal of the project, as described in the transparency report. However, this will increase the response time in case something goes wrong, so it will be done and activated gradually.”