The Polygon community is celebrating a historic moment as the highly anticipated Polygon zkEVM Mainnet Beta goes live. During a live launch event, Ethereum co-founder Vitalik Buterin performed the symbolic first transaction, signifying the start of a new era in Web3 and Ethereum scaling.
Polygon zkEVM Mainnet Beta brings a host of features to the table:
✅ Permissionless and public
✅ Fast finality
✅ Open-source
✅ EVM-equivalent
The launch of Polygon zkEVM Mainnet Beta is a significant milestone, as it aims to scale the entire Ethereum developer ecosystem. As an EVM-equivalent, it allows existing smart contracts, developer tools, infrastructure, and more to be used seamlessly on the Polygon zkEVM.
Being permissionless, the platform is accessible to anyone, right from the outset. Several high-profile integrations are already in progress, including Lens, Balancer, Midnight Society, Oath of Peak, and infrastructure providers like Alchemy, ANKR, thirdweb, The Graph, and Sequence.
Despite the excitement surrounding this cutting-edge technology, security remains a top priority. Polygon zkEVM has been thoroughly audited by two independent security teams and internally by researchers at Polygon Labs. The Hexens’s security audit is publicly available, and Spearbit’s audit will be released once finalized. A security council will also be on standby to intervene in case of emergencies.
Polygon zkEVM Mainnet Beta Goes Live with 1 Million USD Bug Bounty
Polygon has implemented a robust bug bounty program, offering up to $1,000,000 for critical vulnerabilities, with rewards set to increase as the network matures.
The Polygon community’s enthusiasm and dedication have been instrumental in shaping the future of Ethereum scaling and defining the expanding frontiers of Web3. As the journey unfolds, the community looks forward to the innovations and breakthroughs that Polygon zkEVM Mainnet Beta will bring.
Bug bounties provide a critical barrier of protection for open-source blockchain networks by incentivizing researchers and white hat hackers to find and document vulnerabilities. Immunefi helps protect $60B worth of user funds and, to date, has processed more than $66M in payouts—a fraction of what would be lost were those vulnerabilities exploited.
For a full rundown on the process for reporting bugs and payouts, check out Immunefi’s landing page for Polygon zkEVM. In keeping with the built-in-public ethos of Polygon zkEVM, Polygon Labs has also made the completed audit report, by Hexens, available on GitHub. As additional audit reports are finalized, we’ll share those, too.
Bugs by Size, Bounties by Probability
As is standard, bounty payouts are tiered based on the level of vulnerability identified. Bug bounties in Web3 are dramatically repriced relative to Web2. This is a reflection of the volume of financial assets held in smart contracts, where code is king.
As emergent technology, ZK rollups (ZKR) present a unique challenge: The threat model is brand new. Because the prover in a ZKR uses math to attest that some valid state transition has occurred, a dishonest actor may look for missing constraints that allow them to trick the prover into generating illegitimate state transitions.
Generating these validity proofs also requires many moving parts. Pricing these parts is difficult. But the goal is that, as Polygon zkEVM matures, bounties will increase.
- Critical: up to $1,000,000
- High: $10,000 – $50,000
- Medium: $5,000
Scope, Eligibility, and Timeframe
At a high level, the bug bounty covers the smart contracts and blockchain for Polygon zkEVM. However, even an out-of-scope bug may be eligible for a bounty—researchers should submit any bug for review by Immunefi and the security team at Polygon Labs.
To be eligible for a bounty, you have to show your work. A proof of concept (PoC) is required—and if you include how to fix it, you may be eligible for a juicy bonus.
The timeframe for the bug bounty is indefinite. In Web3, bug bounties are a critical component of the software development lifecycle.
Finally, while much of this is standard to blockchain bug bounties, all aspiring participants should carefully review the details of the scope, eligibility, and timeframes available on Immunefi.
With the launch of Polygon zkEVM Mainnet Beta, the future of Ethereum is poised for unprecedented growth and expansion.
