Polygon zkEVM: Results of Spearbit’s Security Audit
Leading up to last week’s launch of Polygon zkEVM Mainnet Beta, the network was comprehensively audited. For more than four months, twenty-six researchers, from two independent security teams, tested all 35 components of Polygon zkEVM, setting a rigorous standard for future and existing ZK rollups.
Making these reports public is how open-source protocols allow users to DYOR—there are no black boxes with the open-source Polygon zkEVM Mainnet Beta.
Scope, Classifications, and Findings
Spearbit’s audit covered every component of Polygon zkEVM, including the prover. The following is a summary of those findings, organized by component.
The security firm classifies vulnerabilities based on severity and likelihood.
In total, the security researchers documented ten critical, one high, and four medium-level vulnerabilities in their review of the code for Polygon zkEVM Mainnet Beta. All of these vulnerabilities were fixed before the launch and an additional audit to verify those fixes was just carried out.
Polygon zkEVM Prover + Cryptography
In a ZK rollup–or any rollup—the network generates a state transition. The prover is where the proof for making a valid state transition is generated. For that reason, it’s the most complex part of the tech stack. The performance of the prover also, to an extent, dictates the performance of the network.
Spearbit’s security team reviewed this codebase, completely or partially, during three discrete audits. (Repo here.) Following their review of the cryptography of Polygon zkEVM’s prover, Spearbit wrote: “no major soundness issues were discovered in either the cryptography or implementation review.”
In two separate reviews of Polygon zkEVM’s prover, Spearbit found two critical and two low-level vulnerabilities. All four vulnerabilities were fixed before the launch of Mainnet Beta.
Because Polygon zkEVM uses validity proofs to generate state transitions, the bridge between the network and Ethereum will have no intermediaries or third parties. Currently, there are security mechanisms in place to protect users at this early stage. But, once the network is mature, the only thing governing the bridge will be two smart contracts: one on Ethereum and one on Polygon zkEVM. (There is also a third smart contract for the consensus mechanism, once the network is progressively decentralized.)
Spearbit’s audit of these smart contracts found no critical or high-severity vulnerabilities. There were three medium-risk vulnerabilities, which were all fixed by Polygon Labs and verified by Spearbit prior to the launch of Mainnet Beta.
There were also 16 low-risk vulnerabilities discovered. Based on Spearbit’s classification, low risk applies to a wide range of vulnerabilities, from “attacks that can be easily repaired or even gas inefficiencies.” The devs for Polygon zkEVM have responded to each in the linked report and have prioritized the limited outstanding issues in the next development sprints. Here are some examples of those low-risk vulnerabilities:
- One relied on there being multiple ZK rollups in a single network
- Another is for users who input an invalid address when bridging funds out of the network
The ROM in Polygon zkEVM stores the instructions for interpreting transaction data. Spearbit’s security review of the ROM covered two reports, which documented five critical vulnerabilities. All five were fixed before the launch of Mainnet Beta, and those fixes were verified by Spearbit’s researchers.
The ROM also contains zkASM, the assembly language that allows Polygon zkEVM to execute the EVM’s opcodes. One critical vulnerability was documented and fixed before the launch of Mainnet Beta.
Tune into the Polygon Blog and social channels to stay up to date on the latest from the Polygon ecosystem.
Together, we can build an equitable future for all through the mass adoption of Web3!