Security reports
Polygon Labs periodically assesses the security of different technologies and applications through extensive internal testing and external (public and private) engagements, such as code reviews, security audits, red team assessments, and penetration testing. All technology and applications have been assessed multiple times to date. Security assessments continue as the network matures.
The following information relates to the latest available (and public) external assessments and certifications:
ISO/IEC 27001:2022 certification
Polygon Labs was awarded ISO 27001 certification in March of 2024.
Certificate
https://www.schellman.com/certificate-directory (search for “Polygon Labs”)
Scope
The scope of the ISO/IEC 27001:2022 certification is limited to the information security management system (ISMS) supporting Polygon Labs’ business of developing blockchain scaling solutions, which includes personnel, policies, procedures, standards, systems, endpoint devices, applications, data, and controls in accordance with the statement of applicability, version 1.2, dated October 11, 2023.
Portal
- Penetration testing assessment by Cobalt.io in Jan 2023.
POL Token
- Security audits by ChainSecurity & SigmaPrime: https://github.com/0xPolygon/pol-token/tree/main/audit.
POS
- Bor/Heimdall milestones audit by Least Authority: https://github.com/maticnetwork/bor/blob/develop/audit/audit-feature-milestones.pdf.
- POS portal audits: https://github.com/maticnetwork/pos-portal/tree/master/audits.
- POS contracts: https://github.com/0xPolygon/pos-contracts/tree/main/audit.
Unified bridge
- Security audits by Sigma Prime, Hexens & Spearbit: https://github.com/0xPolygonHermez/zkevm-contracts/tree/main/audits.
zkEVM
- zkEVM-Rom security audit by Verichains in Jan 2023: https://github.com/0xPolygonHermez/zkevm-rom/tree/main/audits.
- Security audits by Hexens & Spearbit: https://github.com/0xPolygonHermez/zkevm-rom/tree/main/audits.
CDK
Most components have been reviewed as part of zkEVM’s audits.
- Bridge service: Penetration testing assessment by Cobalt.io in March 2023.
- Bridge UI: Penetration testing assessment by Cobalt.io in March 2023.
Zero
- Security audits by Least Authority: https://github.com/0xPolygonZero/plonky2/tree/main/audits.