Overview
Polygon zkEVM is a Layer 2 network of the Ethereum Virtual Machine (EVM), a zero-knowledge (ZK) rollup scaling solution. Polygon zkEVM uses a cryptographic primitive called a ZK proof to validate state transitions.
Polygon zkEVM is compatible with the EVM, supporting the majority of Ethereum EIPs, pre-compiles, and opcodes. Developers benefit from the seamless deployment of smart contracts, developer tools, and wallets that already work on Ethereum, but in an environment with significantly lower costs.
Protocol development highlights¶
The testnet for Polygon zkEVM launched with a complete ZK proving system and full transaction data availability in October 2022. The proving system for Polygon zkEVM uses a combination of eSTARK proofs and FRI that are then compressed using FFLONK SNARKs to create the final ZK proof.
Following the launch of the testnet, the code base for Polygon zkEVM underwent several security audits. These were among the first audits ever performed on a complete, in-production ZK proving system.
After the audits, Polygon zkEVM Mainnet Beta launched in March 2023. Since then, the zkEVM network has had two major upgrades: Dragon Fruit (ForkID5), in September 2023, and Inca Berry (ForkID6), in November 2023.
Security measures¶
The security measures taken by the zkEVM team for an upgrade are on par with Ethereum’s security standards as they involve the deployment of:
- An admin multisig contract to avoid having one account controlling upgrades,
- A timelock contract to give users sufficient time delay to withdraw before execution, and
- A transparent upgradeable proxy, from OpenZeppelin’s libraries of audited and battle-tested contracts.
The activation of the 10-day timelock for upgrading zkEVM’s smart contracts on Ethereum requires approval by the network’s Admin, a three-participant multisig that acts as a governance tool for the protocol. This is a Gnosis Safe with a ⅔ threshold.
In the event of an emergency that puts user funds at risk, the network’s Security Council may remove the 10-day timelock. In such an emergency, the network state stops advancing and bridge functionality is paused. The Security Council is an eight-participant multisig. This is a Gnosis Safe with a 6/8 threshold. Learn more about zkEVM upgradability.