
Polygon's Multisig Criticized as Not Secure Enough – $5 Billion at Risk?

Polygon is probably the most popular alternative to direct transactions on the Ethereum base layer (L1), giving users the ability to transact quickly and with low fees. Polygon (MATIC) is best known as an Ethereum sidechain, i.e. an Ethereum Virtual Machine (EVM) compatible blockchain that runs its own validation nodes. However, the Polygon development team has also invested heavily in Layer 2 technology, offering services such as the zk-STARKs-based Miden scaling solution.

Of course, with success comes a responsibility to protect any funds users keep on the network. In a recent series of tweets, Justin Bons, founder and CEO of Cyber Capital, accused the Polygon development team of employing lax security measures that mostly revolve around the multisig that controls the Polygon smart contract management key. According to Bons, it controls more than USD 5 billion in user funds.

“Polygon is currently not secure and centralized! It would only take five people to compromise over $5 billion! Four of these people are the founders of Polygon! This is one of the biggest hacks or scams just waiting to happen.”

The development team can take full control of Polygon

“Polygon’s smart contract governance key is governed by five of the eight multisig contracts. This means that the Polygon development team can gain complete control of the network with only 1 out of 4 contracts being out of the project’s control. The other four parties in the multisig were also selected by Polygon.”

According to Bons, this also means that the other four parties are “not entirely fair”. Control of the contract management key is tantamount to the power to change the rules. Anything can happen, including the deletion of the entire Polygon contract.

Some criticism has also been directed at Polygon’s alleged lack of transparency. This isn’t the first time Polygon has been accused of this. DeFi Watch’s Chris Blec previously broadcast an inquiry to the Polygon development team. However, Polygon did not respond to Blec’s request.

The Polygon development team has been vocal about the lack of transparency. The team previously posted a report about the multisig to clarify the issue. In response to Bons’ tweet, Polygon co-founder Mihailo Bjelic indirectly acknowledged concerns about the multisig, as Polygon is “working to eliminate them.” Multisig is implemented in the “early phase” and is clearly not the ideal solution as the system grows.

“Multisig is considered the ultimate approach to protecting user funds in the early stages of development and is used by almost every scalable bridge project.”

Bjelic also cited the transparency report, in which he described a “plan to improve and eventually eliminate multisig,” which Bjelic also later explained in a Bons tweet.

Phishing is not a practical concern for Polygon

According to Bjelic, cheating isn’t really a problem for Polygon; multisig is used to protect users from hacking, and Polygon uses multisig in this way, contrary to what Bons claims.

According to Bons’ criticism, five of the eight multisigs were “completely inadequate” to protect up to $5 billion, and four of those eight multisigs were “awarded” to other parties chosen by Polygon. For Bons, this could pose the risk of collusion.

However, according to Bjelic, the other parties are “reputable Ethereum/Polygon projects and not selected by Polygon that have decided to participate.”

“The more people involved in creating the signature, the more difficult it is to coordinate them in case an immediate response is required. We try to find the right balance; and now have more participants than most other scaling projects,” Bjelic replied.

What should Polygon do?

In his tweet, Bons also shared some advice with the Polygon development team.

According to Bons, Polygon needs to run its own decentralized governance protocol based on Matic token holders. Currently, governance is still too centralized under the DPoS (Delegated Proof of Stake) model with a small number of validators. According to data from Polygonscan, only four validators mined the majority of blocks in the last seven days.

Once Polygon has decentralized governance, they will need to share the smart contract governance key with Matic token holders, Bons suggested. This will most likely require a switch to a new smart contract from Polygon.

“It’s obviously very difficult and expensive. However, the project didn’t get it right from the start, and that’s the price they pay for the decentralization and security that comes with it. This is where the crypto market should be,” Bons tweeted.

In his response, Bjelic said that the proposed solution “is certainly the aim of the project as described in the transparency report. However, this increases the reaction time in case something goes wrong, so it will be taken care of and activated in stages.”


Annie
