Smart contracts

Polygon Labs takes the following approach to smart contract security.

Secure coding guidelines

Smart contract codebases must be organized, readable, and understandable across multiple developers and project phases.

Engineers tasked with developing such codebases follow industry-standard, secure coding practices and style guides, such as https://docs.soliditylang.org/en/latest/style-guide.html and https://github.com/coinbase/solidity-style-guide.

Internal assessments

Polygon Labs application security teams are composed of senior and staff security engineers who perform internal reviews on all code developed. This in-house expertise allows us to follow standard methodologies for assessments using available tooling for static analysis, line-by-line manual reviews, fuzzing, and formal verification where applicable.

External assessments

After internal reviews, and based on a risk assessment, new smart contracts and major changes or upgrades are sent to reputable, tier 1 security consultancy organizations for a formal external security assessment. Polygon Labs periodically rotates vendors to ensure an unbiased view of the code.

Polygon Labs’ public reports are located here: Security reports.