DeGate is an Ethereum Layer2 Decentralized Exchange
Recently, Total Value Locked (TVL) in the Polygon ecosystem has seen a steep rise. With the rapid expansion of TVL, the market capitalization of Polygon has also increased rapidly, with its native MATIC Token entering the top 10 in the rankings of cryptocurrency by market cap, surpassing established projects such as UNI and LINK. This rapid rise has spurred feverish discussion and has also led the community to discuss the security of Polygon. This article addresses one aspect of the polygon ecosystem, addressing the cross-chain asset bridge mechanism
Polygon hopes to become the first aggregator of Ethereum scaling solutions while supporting multiple scaling solutions such as Layer 2 and sidechains. Currently, Polygon has a sidechain based on the Plasma framework and the PoS consensus mechanism, as well as two kinds of bridges supported: the PoS Bridge and the Plasma Bridge.
A commonality all the sidechains and Layer 2 systems share is that that the security of the Bridge is of utmost importance because all assets are in custody in a Layer 1 smart contract. Whether the contract retains admin authority and has an emergency exit mechanism is generally an important indicator of whether a Layer 2 system is secure. In this article, we will compare the security and other aspects of the respective bridges of Polygon and Layer 2 rollup solutions.
The bridge is one of the core components of scaling solutions such as sidechains and Layer 2 networks. Assets must pass through the Bridge to be migrated between the Ethereum mainnet and subchain (sidechains or Layer 2). The specific implementation mechanism of the Bridge determines the security of the scaling solution. Let’s take a look first at the Polygon bridge, which supports both PoS Bridge and Plasma Bridge bridge mechanisms.
1. Owner of the asset (ERC20/ERC721/ERC1155) token has to approve a specific contract on the PoS bridge to spend the amount of tokens to be transferred. This specific contract is deployed on the Ethereum mainnet which actually locks the amount of tokens to be deposited.
2. Once the approval is given, the next step is to deposit the asset. A function call has to be made on the RootChainManager contract, which in turn triggers the ChildChainManager contract on the Polygon chain.
3. The ChildChainManager internally calls the deposit function of the child token contract and the corresponding amount of asset tokens are minted to the Polygon account of a specific user. It is important to note that only the ChildChainManager can access the deposit function on the child token contract.
4. Once the user gets the tokens, they can immediately use these tokens on the Polygon chain.
5. Withdrawing assets back to Ethereum is a two-step process in which the asset tokens have to be first burnt on the Polygon chain and then the proof of this burn transaction has to be submitted on the Ethereum mainnet.
6. It takes about 10–30 mins for the burn transaction to be checkpointed into the Ethereum mainnet. This is done by the Proof of Stake validators.
7. After the checkpoint is transmitted back to the mainnet, the proof of the burn transaction can be submitted by calling the exit function of the RootChainManager contract.
8. The exit function will verify all the burn transactions in this checkpoint, and then trigger the predicate contract after verification is passed.
9. As the final step, the predicate contract releases the locked tokens and refunds them to the users’ account on Ethereum.
1. Users deposit tokens in the Polygon contract on Ethereum.
2. Once deposited, tokens get confirmed on the Ethereum mainnet, the corresponding tokens will be minted on the Polygon chain and deposited into the user’s Polygon account, they can immediately use these tokens.
3. Users can withdraw tokens on the Polygon chain to Ethereum at any time. Once the request is submitted, a checkpoint interval of 5 mins is set.
4. Once the checkpoint is submitted to the Ethereum mainnet, an Exit NFT (ERC721) token is created of equivalent value.
5. Users need to wait for a 7 day challenge period, which is determined by the Plasma security mechanism.
6. Once the challenge period is complete, you can use the Exit NFT to claim your token assets and complete the withdrawal.
Amongst the two bridges, the PoS Bridge is the official recommended bridge to use, it is faster to withdraw and supports more Ethereum asset standards. A challenge period of 7 days is required for Plasma Bridge to withdraw and it will have a higher security level. A comparison between the two and their core features is as follows:
The core of the security of the Bridge lies in whether users can deposit and withdraw assets without trust, including whether Layer 1 can independently recover the transaction data on Layer 2 and the user’s asset balance on Layer 1 (data availability) when nodes on Layer 2 are unavailable or even malicious. We will compare Polygon Bridge and Rollup Bridge in this section.
Polygon PoS Bridge is secured by a set of external verifiers. In a general PoS system, security is generally guaranteed by the assets of the verifier bond and penalty mechanism.
In addition, the Bridge contract retains admin authority and is controlled by a multi-signature wallet via a proxy. This multi-signature wallet started with a 2/3 multi-signature and is now upgraded to a 5/8 scheme. Among the 8 signatories, 4 are Polygon co-founders, and the other 4 are key members from other Polygon DeFi projects.
Through our examination of the contract code, the owner of the contract can upgrade and replace the contract at any time (without a delay period), which means that the owner can withdraw all user assets in the contract at any time, which is certainly a potential security risk. Therefore, the assets transferred to the Polygon chain through the Pos Bridge are not trustless at this stage.
The exit mechanism of Polygon Plasma Bridge is based on the Plasma exit mechanism. A challenge period of 7 days is required when withdrawing funds like Optimistic Rollup because of the use of fraud proofs.
However, an important shortcoming of the Plasma solution compared to the Rollup solution is data unavailability, that is, the Plasma operator only generates a hash value of the transaction data and stores it on Layer 1, and Layer 1 does not have the available data to verify whether the operator is malicious and recover all transactions on Layer 2.
In the Optimistic Rollup solution, a third-party Sequencer is responsible for the interaction between Layer 2 and Layer 1. The sequencer will count the corresponding assets in users’ Layer 2 accounts when users deposit assets on Layer 1 and periodically generate new state roots for transactions it receives on Layer 2 and publish it on Ethereum. When users withdraw funds, they prove that they have sufficient funds at the current state by showing a Merkle proof referencing the state roots published by the sequencer to complete the withdrawal. Optimistic Rollup introduces the concept of verifier and challenge period to prevent the sequencer from submitting invalid state transition. A challenge period of 7 days is required when any new state roots are released by the sequencer. During the challenge period, the verifier can publish a fraud proof whenever finds that one of the state transitions is invalid. If the proof is successful, the state transition will be canceled and the sequencer’s deposit will be awarded to the verifier.
At the same time, the sequencer is required to submit all the transaction data on Layer 2 to the calldata on Layer 1 to avoid the situation where the sequencer is malicious or offline, so that even if the sequencer disappears, a new sequencer may retrieve all the Layer 2-related data and continue from where their predecessor left off.
In the ZK Sync Bridge, the Rollup solution will compress the transactions on Layer 2 and submit them to the calldata on Layer 1. This first ensures the data availability of Layer 2 network data on Layer 1.
In addition, anyone can trigger an emergency exit mode when the entire zkSync system is unavailable, such as when Layer 2 cannot receive the user’s signature and Layer 2 no longer submits transaction data to Layer 1.
1. Any user can initiate a withdrawal request on Layer 1 by calling requestFullExit, where the request sequence is stored and has a timeout (currently designed for 3 days).
2. Any user can activate Exodus Mode by calling activateExodusMode when the 1st request in the request sequence of step 1 has not been processed by the zkSync operator after the timeout period.
3.The user can use the official tool offchain to crawl the calldata data on Layer 1 to finally synchronize to the zkSync state in Exodus Mode and generate zkProof for the user-owned assets based on this state.
4. Finally, the user completes the final withdrawal by calling the methods of performExodus and withdrawPendingBalance (using the zkproof generated in step 3 and some data as parameters).
It can be seen that zkSync has a very well-designed exit mechanism. Even if the Layer 2 node is completely unavailable, users can still use the calldata data on Layer 1 to withdraw the assets stored in the bridge.
For details, please see: A Test of zkSync 1.0’s Exodus Mode on Ropsten
The main comparison of the four bridges above is as follows:
From the above analysis, we see that there are various tradeoffs being made in terms of speed, security, and the required trust levels needed in each of the Bridges.
As DeGate aims to be the Decentralized Exchange with the best trading experience built on Ethereum Layer 2, it is important that we are continually understanding the evolution of the various Layer 2 and side chain systems and their tradeoffs.
DeGate team will thoroughly research the various Layer 2 solutions on the market and choose one or more to deploy DeGate products on, integrating performance, security, user experience, and other metrics.
Create your free account to unlock your custom reading experience.