Back to Overview

Polygon Fx Portal Security Audit

Summary

The Fx-Portal allows to seamlessly bridge data between Ethereum and Polygon. Projects can simply build on the provided base contracts and use the provided functions to send/receive messages. Several example implementations are part of the repository, demonstrating the use for a simple state transfer or for bridging tokens.

The most critical aspects covered in our audit are security and functional correctness. For the core part, the mechanism and base contracts of the Fx-Portal, security regarding all the aforementioned aspects is high. The examples, while they showcase the use of the Fx-Portal contracts, lack documentation. Considering that projects may build on top of such example contracts, their functionality / limitations should be properly documented.

In summary, we find that the codebase provides a high level of security.

It is important to note that security audits are time-boxed and cannot uncover all vulnerabilities. They complement but don’t replace other vital measures to secure a project.

About Polygon Fx Portal

“Polygon is a decentralised Ethereum scaling platform that enables developers to build scalable user-friendly dApps with low transaction fees without ever sacrificing on security.”

#Source

ChainSecurity holds a special place in my heart, only positive experiences with them and they always go above and beyond. During one of our audits, they actually found a bug in an OpenZeppelin contract we were using, 99% of auditors wouldn't bother looking there.
Gretzke.eth, Software Engineering Lead @ Polygon