In just four days since its launch, the Web3 protocol Blast network has amassed over $400 million in total value locked (TVL), as per data from blockchain analytics platform DeBank.
However, concerns about the network’s security have been raised by Polygon Labs developer relations engineer Jarrod Watts in a November 23 social media thread.
Watts argues that Blast’s centralization poses significant security risks.
In response to Watts’ criticism, Blast issued a statement on its X (formerly Twitter) account, defending its decentralization claims.
They asserted that their network is as decentralized as other layer 2 solutions like Optimism, Arbitrum, and Polygon.
Blast network touts itself as “the only Ethereum L2 with native yield for ETH and stablecoins,” allowing users’ balances to be “auto-compounded” and stablecoins to be converted into “USDB,” a stablecoin that auto-compounds through MakerDAO’s T-Bill protocol.
However, technical documentation explaining the protocol’s workings has yet to be released, with the promise of publication accompanying an airdrop in January.
Watts’ original post raised concerns that Blast’s security is compromised as it relies on a 3/5 multisig mechanism.
If an attacker gains control of three out of five team members’ keys, they could potentially steal all the crypto deposited into its contracts.
Watts also pointed out that Blast contracts can be upgraded through a Safe (formerly Gnosis Safe) multisignature wallet account, requiring three out of five signatures.
READ MORE: Australian Tax Regulator’s Cryptocurrency Tax Guidance Leaves DeFi Users in the Dark
If these private keys are compromised, an attacker could upgrade the contracts and transfer the entire $400 million TVL to their account.
Furthermore, Watts contested Blast’s classification as a layer 2 solution, asserting that it merely “accepts funds from users” and “stakes users’ funds into protocols like LIDO” without utilizing a bridge or testnet for these transactions.
He also highlighted the lack of a withdrawal function, relying on trust in developers to implement it in the future.
Despite these vulnerabilities, Watts expressed doubt that funds would be stolen but cautioned against sending funds to Blast in its current state.
Blast defended its security posture, explaining that it employs upgradeable contracts to address potential vulnerabilities.
They emphasized the security measures in place, including storing Safe account keys in cold storage, managed by an independent party and geographically separated.
The debate over upgradeable contracts is not unique to Blast, as other protocols like Stargate and Ankr have faced similar concerns in the past.
In the case of Ankr, a former employee exploited an upgrade to create unauthorized tokens.
In conclusion, while Blast network has rapidly accumulated significant TVL, concerns about its security and decentralization persist, prompting a lively discussion in the crypto community.
Discover the Crypto Intelligence Blockchain Council
