The Coin Crunch

Is Polygon Centralised?

Polygon boasts of having over 37000 DApps, but it may be centralised, warns an expert. What is the truth?

Naimish Sanghvi
Aug 17, 2022
Dear readers,

There is a process I follow to decide on my one pièce de résistance that will stand out in your inbox every morning. I spend hours reading about various news from the industry, then skim through several Twitter chats, followed by looking at the chatter in several WhatsApp and Telegram groups I am part of. Eventually, I choose a subject which is either not at all talked about, like the anti-crypto conference, or is gaining a notorious amount of attention, like who really owns WazirX.

Today’s topic, however, is neither.

Polygon is no doubt the flag bearer of the crypto ecosystem, especially as one that originated from India. Recently, they celebrated being home to 37000 DApps [1]. But is that enough?

Justin Bons, founder & CIO of Cyber Capital, raised concerns about the chain being centralised. This is not the first time he or many others have raised concerns. He received clarifications from several prominent representatives at Polygon.

And hence today’s topic: Is Polygon Centralised?

Polygon’s Centralisation Concerns

Justin Bons is the Chief Information Officer and founder of an investment fund, Cyber Capital. He regularly writes about security concerns of public chains, sometimes with remediation suggestions as well. On August 15, 2022, he tweeted, “Polygon is still highly insecure & centralized!” followed by a 25-tweet thread explaining how. This isn’t even the first time Bons has raised these concerns. Many others have also raised similar concerns in the past. Here’s a gist of Bons’ concerns:

  • The Polygon admin key is controlled by a 5 out of 8 multi-sig contract, and four of these access keys are controlled by the four co-founders. This means that one additional key holder can conspire with the founders and gain control of Polygon’s bridge currently holding assets worth ~$2 Billion.

  • If an attacker has control, they may be able to censor transactions as well, Bons claims.

  • Lack of transparency. Bons says that Polygon has not disclosed how the multi-sig contract is set up & how the keys are managed and it is very well possible that one person may already be able to control the contract.

  • Bons further acknowledged that this is a common practice in the industry, but as Polygon is as huge as it is, it must be called out and the issue must be remediated. “Polygon could & should lead the way in that direction”, he wrote.

  • He raised concerns that while the founders may never actually scam, they “are also exposing themselves to danger as they become targets as human points of centralization!… Organized crime could target these individuals, potentially even through kidnapping & blackmail!”

  • Polygon governance is still far too centralized as they have a low number of validators.

  • Many others have pointed out concerns like the top 100 addresses hold almost 89% of the total MATIC circulating supply. [2]

Bons’ Alternative

Bons says the way forward is to hand over the admin key to Matic token holders, effectively turning control over to a "Polygon DAO". This would mean a complete migration to a new contract.

“A DAO should control the admin key, but if a multi-sig is necessary it can be done more securely”, says Bons.

Such a proposal means a massive expensive overhaul of the system. Bons acknowledges this, but says this is the price to pay for decentralization.

Key People at Polygon Address Centralization and Exit Scam Concerns

Over the course of the past couple of years, Polygon co-founders, governance leads and several others have addressed these concerns on Twitter. Even today they came forward to discuss.

Both Mudit Gupta, the CISO at Polygon, and Mateusz Rzeszowski, the governance facilitator and author of “State of Governance: Decentralization” at Polygon, responded today.

  • Gupta says it is a huge legal liability for Polygon founders to scam the network as they are doxxed - their identities are public.

  • He also says that in the event of a takeover, only the assets in the bridge can be compromised, and the transactions on the PoS chain cannot be censored as Bons claimed.

  • Both Gupta and Rzeszowski acknowledged the validity of concerns with the multi-sig contract. They said that they have looked and still continue to look at potential solutions while also welcoming feedback and suggestions from the community. The goal is to eventually hand over control to MATIC token holders via governance.

  • The reason the keys are controlled by 8 individuals is that the contracts of Polygon first needed to be battle-tested and robust enough; with this setup, bugs can be fixed quicker so that user funds are not affected. In December 2021, Polygon was able to quietly patch a bug that put 9B MATIC at risk. [3]

  • Rzeszowski added that they are developing a tool that allows anyone to see the transactions done using the multi-sig.

Mateusz Rzeszowski @matrzeszowski
@Justin_Bons Lastly, as we work towards an ‘ultimate’ solution, we want to provide further transparency into the multi-sig and relevant processes. As such, we’re developing an application that will grant visibility into multi-sig transactions to anyone interested.
2:07 PM ∙ Aug 16, 2022

Opinion: Is Polygon Centralised?

Simply put, the concerns about multi-sig are absolutely valid but that is the practice of the industry. I sort of agree with Gupta who colloquially said “Nobody builds a fortress and then makes the blueprints public”.

Almost all L2s like Optimism and Arbitrum follow a similar process.

Polygon has a total market cap of $7B; I simply do not see the advantage for founders in scamming the network. This is like their golden goose. Why kill it?

Yes, just because they are not incentivised to do so, doesn't mean that other bad actors won’t try to gain control of the contract. So, until they truly figure out how Polygon DAO will govern the keys, I suggest the four co-founders never be alone in non-crowded places to avoid any kidnapping and extortion risks.

Overall these debates are healthy for the ecosystem to thrive. There is always something new to learn. There will always be a threat actor that only a few people may be able to identify. Hence, these conversations help the entire ecosystem become more robust and decentralised.

What do you think of Polygon?


In Other News:

  1. BitGo wants Galaxy Digital to pay $100 Million for the termination of the merger agreement.

  2. 19 Celebrities receive letters from Advertising Watchdog for promoting NFTs.

  3. Andreessen Horowitz writes a cheque of $350 Million to WeWork's former CEO for his new startup.

[1] Polygon is home to 37000 DApps - https://blog.polygon.technology/polygon-is-now-home-to-over-37000-dapps/

[2] Top 100 Polygon Wallets - https://cryptorank.io/price/matic-network/holders

[3] Polygon Patch - https://www.coindesk.com/tech/2021/12/29/polygon-discloses-patched-exploit-that-put-9b-matic-at-risk/

2 Comments
Shrikant Daphal
Aug 17, 2022

Is it possible to translate or write in simple Hindi language? Or you can summarise it in Hindi, if possible.

As you know, most of our community is having problems with English.
