Polygon Zero and Matter Labs square off over open-source norms
Polygon Zero is alleging Matter Labs failed to properly attribute code in its Boojum upgrade for zkSync
photogl/Shutterstock, modified by Blockworks
A dispute has erupted in the open-source community, with the Polygon Zero team, a branch of the Polygon project, accusing rival Matter Labs of appropriating significant amounts of source code without adequate attribution.
The crux of the disagreement centers around the new proving system developed by Matter Labs called Boojum.
Polygon alleges that the system incorporates a considerable amount of code from Plonky2, their open-source library designed for optimizing zero-knowledge-proof systems, according to a blog post published by Polygon Zero on Thursday.
They further claim that Matter Labs has misrepresented the origin and performance of Boojum, both in attributing the original developers and in claiming superior speed to Plonky2.
Matter Labs is known for the development of zkSync, a trustless scaling solution for Ethereum based on zero-knowledge proof technology. The pair first announced their public testnets based on zero-knowledge tech back in October with Polygon first out of the gate.
Alex Gluchowski, co-founder of Matter Labs, dismissed Polygon’s allegations as “unfounded, misleading, and extremely disappointing,” in a detailed rebuttal on social media.
Gluchowski also outlined several key points to refute the allegations, underlining that only about 5% of Boojum’s code is based on Plonky2’s.
“The reader of the Polygon Zero post is left with the impression that Boojum is largely using Plonky2 code with little innovation, and that we allegedly re-used this code without providing any attribution to the original work.” These claims “could not be further from the truth,” Gluchowski stated.
The co-founder further clarified that Matter Labs’ team introduced RedShift, the cryptographic proof system on which both Plonky2 and Boojum are based, three years prior to the former’s release paper, something which he has publicly noted before.
A clear attribution for the reused code is provided in the main file of the module, Gluchowski added, with additional acknowledgments to Plonky2 made in the README file and the introductory post.
Polygon had earlier stressed the importance of maintaining integrity in the open-source ecosystem, per the post.
Disregarding open-source norms can damage innovation and collaboration among developers, especially for smaller teams heavily reliant on the benefits of open-source contributions, Polygon Zero argues.
Louis Guthmann, ecosystem lead at StarkWare, clarified to Blockworks that the issue is Matter Labs’ “did not have attribution in the right place, which is breaking the license.”
But Michael Lewellen, a security solutions architect at OpenZeppelin, which has an ongoing auditing contract with Matter Labs, said any shortcoming in attribution was “unintentional.”
“They didn’t include ALL the information that an official attribution should have: original license, link to original code, etc.,” Lewellen, told Blockworks.
Gluchowski acknowledged the deficit but suggested a more cooperative approach, saying, “If the Polygon Zero team wanted additional credit, the easiest way would have been to submit a pull request which we would have happily accepted.”
A Polygon spokesperson told Blockworks that Polygon had indeed submitted a pull request on Github.
Macauley Peterson contributed reporting.
Updated, Friday Aug. 4, 2023 at 9:40 am ET with additional comments and context.
Don’t miss the next big story – join our free daily newsletter.