Skip to main content
The following lists the latest available public external assessments and certifications. For questions about security assessments, contact the security team.

Certifications

ISO/IEC 27001:2022

Polygon Labs has been certified since March 2024. Certificate: Schellman Certificate Directory (search for “Polygon Labs”) Scope: The ISO/IEC 27001:2022 certification covers the information security management system (ISMS) supporting Polygon Labs’ business of designing and developing blockchain scaling and interoperability solutions, including Polygon PoS Chain, Polygon CDK, and Agglayer, in accordance with the statement of applicability, version 1.3, dated October 6, 2025.

Polygon PoS chain

Bor and Heimdall

AuditorTypeReport
Informal SystemsSecurity auditView on GitHub

Bridge and staking contracts

AuditorTypeReport
MultipleSecurity auditsPoS Portal audits
MultipleSecurity auditsPoS contracts audits

POL token

AuditorTypeReport
ChainSecuritySecurity auditView on GitHub
SigmaPrimeSecurity auditView on GitHub

Agglayer

Agglayer smart contracts

AuditorTypeReport
Sigma PrimeSecurity auditView on GitHub
HexensSecurity auditView on GitHub
SpearbitSecurity auditView on GitHub

Vault Bridge smart contracts

AuditorTypeReport
Sigma PrimeSecurity auditView on GitHub
CertoraSecurity auditView on GitHub

CDK

Most CDK components have been reviewed as part of zkEVM’s audits.
ComponentAuditorTypeDate
Bridge serviceCobalt.ioPenetration testMarch 2025
Bridge UICobalt.ioPenetration testMarch 2025

Zero

AuditorTypeReport
Least AuthoritySecurity auditView on GitHub

zkEVM

AuditorTypeDateReport
VerichainszkEVM-Rom auditJanuary 2023View on GitHub
HexensSecurity auditN/AView on GitHub
SpearbitSecurity auditN/AView on GitHub