Lost in Translation: Polygon Bridge’s Unclaimed Millions

At Zengo – the non-custodial MPC wallet with no private key – we are preparing to add support for  Polygon’s POS chain (AKA Polygon or MATIC). This will allow Zengo users to enjoy Web3 DeFi and NFTs with lower gas fees, and offer all Polygon users a wallet with 10x more security than traditional wallets currently supporting Polygon. One of the key elements of Polygon’s success is its bridging technology, allowing users to virtually move assets (such as NFTs and tokens) from the Ethereum blockchain to the Polygon blockchain and vice versa.

Coming Soon! TM 😉

As part of our ongoing research on blockchains and their security features, we investigated the inner workings of Polygon’s bridge. There, we discovered millions of USD of forgotten bridged tokens that have not been claimed by their owners. As a result of this research we were able to help a whale user reclaim $2M of funds, together with the Polygon team.

In this blog we dive into the inner workings of the Polygon bridge, successfully verify its financial soundness by leveraging some newly-developed Dune Analytics capabilities, discuss the phenomena of forgotten funds, and show how they can be claimed by their rightful owners.

How the Polygon Bridge Works

To bridge assets between Ethereum and Polygon, users must rely on a dapp, like the official Polygon bridge.

The Polygon Bridge Dapp (https://wallet.polygon.technology/bridge)

But what happens behind the scenes of this dapp, how does it work?

When users want to transfer an asset from Ethereum to Polygon (AKA “deposit”), say 100 USDT, they send it to a contract deployed by Polygon on the Ethereum blockchain and this contract emits an event. Polygon validator nodes are monitoring for such events and when they find them, they mint the appropriate amount/asset (100 USDT) on the Polygon blockchain and send it to the user’s address. The user’s Polygon address remains the same address as on Ethereum.

Therefore as users, in order to bridge an Ethereum based token to Polygon, we send just a single transaction on Ethereum and after a while the tokens will appear in our wallet on the Polygon side.

Once that token is on the Polygon side, users can engage in whatever form of DeFi they choose and enjoy Polygon’s lower fees and faster completion times. The value of the bridged USDT on the Polygon side remains the same as it was on the Ethereum side, as it’s 1:1 backed by original Ethereum USDT, held by the Polygon’s Ethereum contract.

Let’s assume that after a while, our users profit and now want to bridge their newly earned 200 USDT back to Ethereum (AKA “withdraw”). The process is similar in nature, but a bit different in details.

First, the user has to “burn” (send to the 0 address) their USDT Polygon tokens. As before, Polygon validators are monitoring for such burn events on the Polygon network, accumulate, and aggregate a few of such burns over a period of time and update the Polygon Ethereum side with this aggregated information.

But unlike Polygon deposits, when a user withdraws their assets back to the Ethereum side, they need to send an additional Ethereum transaction to claim their USDT from the Polygon Ethereum contract. The claim transaction contains a cryptographic proof that the withdrawer actually burned their tokens on the Polygon side. Once the contract gets the proof, it validates it and sends the tokens to the withdrawer address on Ethereum. 

Summing up, the deposit side (Ethereum → Polygon) is a one click process that takes a few minutes. However, the withdrawal side (Polygon → Ethereum) is a two step process, and may take a few hours between the first step and the availability of the final step.

Verifying the Financial Soundness of Polygon Bridge

The financial soundness of the bridge stems from the fact that for each asset minted on the Polygon side of the bridge, Polygon’s contract on the Ethereum side holds the appropriate amount – given recent news with custodial exchanges and phantom assets, you might consider this inquiry as an attempt to confirm a blockchain’s “Proof of reserves”

Luckily, unlike with centralized exchanges, in DeFi all information is available on the blockchain and we can easily and directly verify it without trusting an obscure proof of reserve document.

Using Etherscan we can see that the Polygon contract holds (as of November 13th, 2022) more than a $7 billion worth of ERC20 tokens alone (without taking into account ETH and NFTs).

When we compared the numbers across the bridge, we were happy to find out that the Ethereum side always had more tokens than the Polygon side, meaning that all of the tokens that were bridged to Polygon are indeed properly backed by Ethereum tokens.

However, we noticed a big surplus of about 1% extra token on the Ethereum side, which required an explanation.

For example: On November 13th, USDT on the Polygon side had 675M units (see below) while the Ethereum side had 683M units (see above).

$675M Polygon Bridged USDT on November 13th, 2022 (Source: Polygonscan)
Polygon bridge ERC20 holdings greater than $7B, on November 13th, 2022 (Source: Etherscan)

We verified that the same phenomena of 1% differences repeat on other major assets such as USDC, ETH, DAI.

Difference in main asset balances across the bridge (as of November 25, 2022)
Difference in main asset balances across the bridge (as of November 25, 2022)

While 1% may not sound like much, when dealing with $7B sums it can be material.

Forgotten Funds Analysis

To spot the missing funds, we tried to match burned transactions on the Polygon side with their counterpart claim transactions on the Ethereum side. To do so, we took advantage of a new query engine recently developed by Dune Analytics that allows cross-chain queries.

Unclaimed USDT Dune Analytics query (see https://dune.com/queries/1536897)

Using this query, we were able to verify that indeed there were more withdraw calls on the Polygon side than the expected counterpart claim calls on the Ethereum side. As the screenshot above shows, there were about 3000 withdraw calls that are unmatched to a claim just for USDT.

We have since developed and are happy to share a generic Dune Analytics query that supports any bridged ERC20 pair. 

Our generic Dune Analytics query that supports any Polygon bridged ERC20 pair

Holidays came early: Saving $2M for user 007

Looking deeper into individual cases we found many interesting examples. For example, this mysterious user (appropriately abbreviated to 0x007) made two withdraws of both Wrapped ETH and Wrapped BTC on Polygon, each of them worth more than $1M over half a year ago but still have not claimed it on the Ethereum side.

Burning on Polygon (sending to the “0” address) but never claiming on the Ethereum side

We can see that this user was still active on Ethereum a month later, so we can rule out key loss as the reason for not claiming the funds.

To make sure that indeed these funds can be claimed by the user, we simulated the claiming transaction on a simulation platform that can ignore we are not user 0x007, providing it with the appropriate burn proof and were able to claim the $1M lost ETH, meaning the original user can do it too.

Although it’s hard to imagine how someone can just “forget” about millions of USD, we assume that it might be related to the fact that additional transactions are required and that the funds are not claimable immediately, therefore creating room for such mistakes.

When we reported our findings to the Polygon team on November 23rd, 2022, they sent the relevant claiming transactions to the user, releasing $2M from the Polygon bridge to that user’s account. It’s worth noting that any altruistic user willing to pay the gas price, not just Polygon, could claim the unclaimed funds and move them to the original withdrawing account.

007’s account reunited with their $2M unclaimed funds on November 23rd (Source: Debank )

We could only imagine that it was a very nice surprise for 007, waking up and finding an extra $2M in their Ethereum account!

Summing up

The Polygon blockchain and its bridging capabilities can be very useful to users. Bridging from Ethereum is quite straightforward, however bridging back might be more cumbersome to users, currently resulting in potential losses currently valued in millions of USD.

Luckily, nothing is permanently lost! If you have such unclaimed bridge funds, feel free to reach out to us and we will try to help you get your money back!

In the meantime…

  • Follow Zengo on Twitter for latest updates: @Zengo
  • Learn more about Zengo X, our open-source MPC library, and github here.