Cointime

Cointime

Download App
iOS & Android

Lost in Translation: Polygon Bridge’s Unclaimed Millions

Validated Media

At ZenGo – the non-custodial MPC wallet with no private key – we are preparing to add support for  Polygon’s POS chain (AKA Polygon or MATIC). This will allow ZenGo users to enjoy Web3 DeFi and NFTs with lower gas fees, and offer all Polygon users a wallet with 10x more security than traditional wallets currently supporting Polygon. One of the key elements of Polygon’s success is its bridging technology, allowing users to virtually move assets (such as NFTs and tokens) from the Ethereum blockchain to the Polygon blockchain and vice versa.

Coming Soon! TM 😉

As part of our ongoing research on blockchains and their security features, we investigated the inner workings of Polygon’s bridge. There, we discovered millions of USD of forgotten bridged tokens that have not been claimed by their owners. As a result of this research we were able to help a whale user reclaim $2M of funds, together with the Polygon team.

In this blog we dive into the inner workings of the Polygon bridge, successfully verify its financial soundness by leveraging some newly-developed Dune Analytics capabilities, discuss the phenomena of forgotten funds, and show how they can be claimed by their rightful owners.

How the Polygon Bridge Works

To bridge assets between Ethereum and Polygon, users must rely on a dapp, like the official Polygon bridge.

The Polygon Bridge Dapp (https://wallet.polygon.technology/bridge)

But what happens behind the scenes of this dapp, how does it work?

When users want to transfer an asset from Ethereum to Polygon (AKA “deposit”), say 100 USDT, they send it to a contract deployed by Polygon on the Ethereum blockchain and this contract emits an event. Polygon validator nodes are monitoring for such events and when they find them, they mint the appropriate amount/asset (100 USDT) on the Polygon blockchain and send it to the user’s address. The user’s Polygon address remains the same address as on Ethereum.

Therefore as users, in order to bridge an Ethereum based token to Polygon, we send just a single transaction on Ethereum and after a while the tokens will appear in our wallet on the Polygon side.

Once that token is on the Polygon side, users can engage in whatever form of DeFi they choose and enjoy Polygon’s lower fees and faster completion times. The value of the bridged USDT on the Polygon side remains the same as it was on the Ethereum side, as it’s 1:1 backed by original Ethereum USDT, held by the Polygon’s Ethereum contract.

Let’s assume that after a while, our users profit and now want to bridge their newly earned 200 USDT back to Ethereum (AKA “withdraw”). The process is similar in nature, but a bit different in details.

First, the user has to “burn” (send to the 0 address) their USDT Polygon tokens. As before, Polygon validators are monitoring for such burn events on the Polygon network, accumulate, and aggregate a few of such burns over a period of time and update the Polygon Ethereum side with this aggregated information.

But unlike Polygon deposits, when a user withdraws their assets back to the Ethereum side, they need to send an additional Ethereum transaction to claim their USDT from the Polygon Ethereum contract. The claim transaction contains a cryptographic proof that the withdrawer actually burned their tokens on the Polygon side. Once the contract gets the proof, it validates it and sends the tokens to the withdrawer address on Ethereum. 

Summing up, the deposit side (Ethereum → Polygon) is a one click process that takes a few minutes. However, the withdrawal side (Polygon → Ethereum) is a two step process, and may take a few hours between the first step and the availability of the final step.

Verifying the Financial Soundness of Polygon Bridge

The financial soundness of the bridge stems from the fact that for each asset minted on the Polygon side of the bridge, Polygon’s contract on the Ethereum side holds the appropriate amount – given recent news with custodial exchanges and phantom assets, you might consider this inquiry as an attempt to confirm a blockchain’s “Proof of reserves”

Luckily, unlike with centralized exchanges, in DeFi all information is available on the blockchain and we can easily and directly verify it without trusting an obscure proof of reserve document.

Using Etherscan we can see that the Polygon contract holds (as of November 13th, 2022) more than a $7 billion worth of ERC20 tokens alone (without taking into account ETH and NFTs).

When we compared the numbers across the bridge, we were happy to find out that the Ethereum side always had more tokens than the Polygon side, meaning that all of the tokens that were bridged to Polygon are indeed properly backed by Ethereum tokens.

However, we noticed a big surplus of about 1% extra token on the Ethereum side, which required an explanation.

For example: On November 13th, USDT on the Polygon side had 675M units (see below) while the Ethereum side had 683M units (see above).

Polygon bridge ERC20 holdings greater than $7B, on November 13th, 2022 (Source: Etherscan)

We verified that the same phenomena of 1% differences repeat on other major assets such as USDC, ETH, DAI.

Difference in main asset balances across the bridge (as of November 25, 2022)

While 1% may not sound like much, when dealing with $7B sums it can be material.

Forgotten Funds Analysis

To spot the missing funds, we tried to match burned transactions on the Polygon side with their counterpart claim transactions on the Ethereum side. To do so, we took advantage of a new query engine recently developed by Dune Analytics that allows cross-chain queries.

Unclaimed USDT Dune Analytics query (see https://dune.com/queries/1536897)

Using this query, we were able to verify that indeed there were more withdraw calls on the Polygon side than the expected counterpart claim calls on the Ethereum side. As the screenshot above shows, there were about 3000 withdraw calls that are unmatched to a claim just for USDT.

We have since developed and are happy to share a generic Dune Analytics query that supports any bridged ERC20 pair. 

Our generic Dune Analytics query that supports any Polygon bridged ERC20 pair

Holidays came early: Saving $2M for user 007

Looking deeper into individual cases we found many interesting examples. For example, this mysterious user (appropriately abbreviated to 0x007) made two withdraws of both Wrapped ETH and Wrapped BTC on Polygon, each of them worth more than $1M over half a year ago but still have not claimed it on the Ethereum side.

Burning on Polygon (sending to the “0” address) but never claiming on the Ethereum side

We can see that this user was still active on Ethereum a month later, so we can rule out key loss as the reason for not claiming the funds.

To make sure that indeed these funds can be claimed by the user, we simulated the claiming transaction on a simulation platform that can ignore we are not user 0x007, providing it with the appropriate burn proof and were able to claim the $1M lost ETH, meaning the original user can do it too.

Although it’s hard to imagine how someone can just “forget” about millions of USD, we assume that it might be related to the fact that additional transactions are required and that the funds are not claimable immediately, therefore creating room for such mistakes.

When we reported our findings to the Polygon team on November 23rd, 2022, they sent the relevant claiming transactions to the user, releasing $2M from the Polygon bridge to that user’s account. It’s worth noting that any altruistic user willing to pay the gas price, not just Polygon, could claim the unclaimed funds and move them to the original withdrawing account.

007’s account reunited with their $2M unclaimed funds on November 23rd (Source: Debank )

We could only imagine that it was a very nice surprise for 007, waking up and finding an extra $2M in their Ethereum account!

Summing up

The Polygon blockchain and its bridging capabilities can be very useful to users. Bridging from Ethereum is quite straightforward, however bridging back might be more cumbersome to users, currently resulting in potential losses currently valued in millions of USD.

Luckily, nothing is permanently lost! If you have such unclaimed bridge funds, feel free to reach out to us and we will try to help you get your money back!

In the meantime…

  • Follow ZenGo on Twitter for latest updates: @ZenGo
  • Learn more about ZenGo X, our open-source MPC library, and github here.
Polygon
Comments

All Comments

Recommended for you

  • Account abstraction app Plena raises $5 million

    Plena, an abstract account application, has completed a $5 million financing round with participation from Big Brain Holdings, DeWhale, GBV, WebWise, Galxe, Normie Ventures, FounderHeads, and others. In addition, Plena has announced a collaboration with DAO Maker, Chain GPT, Decubate, AI Tech, and Viction Chain by Coin98 to launch the largest airdrop campaign, distributing 2% of its total supply before listing.

  • Account abstraction app Plena completes $5 million in financing, with Normie Ventures and others participating

    Plena, an account abstraction application, has announced the completion of a $5 million financing round with participation from Big Brain Holdings, DeWhale, GBV, WebWise, Galxe, Normie Ventures, FounderHeads and others. Plena also announced a collaboration with DAO Maker, Chain GPT, Decubate, AI Tech, and Viction Chain by Coin98 to conduct an airdrop activity, distributing 2% of its total supply before listing.

  • Homium Closes $10M Funding Round and Tokenizes Home Equity Loans on Avalanche

    Real estate equity mortgage loan institution and securitization platform Homium announced the completion of a $10 million Series A financing, led by Sorenson Impact Group and Avalanche Ecosystem Fund, and has launched the first home equity loan on Avalanche.

  • Decentralized exchange CVEX completes $7 million financing, led by Fabric Ventures and others

    Decentralized exchange CVEX announced the completion of a $7 million financing round, led by Fabric Ventures and Kyber Capital Crypto Fund. AMDAX, Wave Digital, Funfair Ventures, Seier Capital Family Office, Five T Group, and Saxon also participated. It is reported that CVEX is expected to launch its mainnet this summer.

  • DePIN project SendingNetwork raises $7.5 million in financing

    DePIN project SendingNetwork has raised $7.5 million in a seed extension financing round. Several investors, including Nomad Capital, Symbolic Capital, Web3.com Ventures, Galxe, SWC Global, Balaji Srinivasan, and Yield Guild Games co-founder Gabby Dizon, participated in this round of financing. Following last year's initial seed round financing of $12.5 million, this seed extension financing brings SendingNetwork's total funding to $20 million.

  • PeckShield: Chainzoom's token ZOOM on Uniswap is a scam trading pair

    PeckShield has detected a scam warning issued by Chainzoom, which states that scammers have set up a fake ZOOM/WETH trading pair on Uniswap to deceive users. Chainzoom will postpone the TGE of ZOOM and contact Uniswap to remove the fraudulent trading pair and add the correct ZOOM/WETH trading pair. Chainzoom will airdrop all ZOOM holders to protect user interests. PeckShield stated that the fake ZOOM token has already fallen by 42% in the past hour, and the fraud token deployer has interacted with Binance.

  • Liquidity re-pledge agreement Puffer raises $18 million

    Puffer, a liquidity re-pledge agreement, announced on Tuesday that it has raised $18 million in round A financing. The round was led by Brevan Howard Digital and Electric Capital, with investors including Coinbase Ventures, Kraken Ventures, Lemniscap, Franklin Templeton, Fidelity, Mechanism, Lightspeed Faction, Consensys, Animoca, and GSR. The new funds will be used to help launch Puffer's mainnet. Previously, Puffer raised $5.5 million in a round of financing led by Lemniscap and Lightspeed Faction.

  • Contango Digital Assets raises $5m in first close of Blockchain x AI Fund

    Contango Digital Assets, a venture capital firm based in Toronto, has raised $5 million in the first close of its latest fund, the Contango Blockchain x AI Fund. The fund's investors include high-profile individuals such as the CEO of Quantstamp, the CFO at SingularityNet, and the CEO at WonderFi, as well as early LPs in Digital Currency Group and Polychain Capital, and investors from VANTA DAO. For more information on the tech venture capital industry, visit VCWire.tech, our new website.

  • The Russian Central Bank supports the use of cryptocurrencies for international settlements and plans to promote the formulation of relevant bills

    According to Bitcoin.com, Russia supports expanding the types of currencies and payment methods for international settlements. Last week, the Governor of the Central Bank of Russia, Elvira Nabiullina, stated that the bank will support the acceleration of a bill that supports the use of cryptocurrencies for international payments. However, Nabiullina emphasized that these payments should be introduced under an experimental sandbox legal framework.It is reported that the institution has always opposed the circulation and use of cryptocurrencies for national payments because these assets are not controlled by national regulatory agencies. However, the country's central bank is open to its use for foreign settlements. In contrast, the use of national digital assets (also known as CBDC) for payments has been explored without any exploratory sandbox.

  • Tether issued $500 million in USDT yesterday and redeemed $181 million in USDT

    According to the latest data from ChainArgos, Tether (USDT) conducted a large-scale issuance and redemption activity on April 15th. A total of $500 million USDT was issued that day, while $181 million USDT was redeemed.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company