The Blast network, a Web3 protocol, has seen a significant surge in value since its launch, accumulating over $400 million in total value locked (TVL) in just four days. This remarkable growth has caught the attention of the blockchain community, but it also raises questions about the network’s security.
Jarrod Watts, a Polygon Labs developer relations engineer, recently expressed concerns about the security risks posed by the Blast network due to its centralization. He pointed out that the network may not be as decentralized as other layer 2 solutions like Optimism, Arbitrum, and Polygon. Watts’s main argument revolves around the fact that Blast network uses a 3/5 multisig setup, which means that if three out of five team members’ keys are compromised, an attacker could potentially steal all the crypto deposited into the network’s contracts.
In addition to the security concerns, Watts also questioned Blast network’s characterization as a layer 2 solution. He argued that the network simply accepts funds from users and stakes them into protocols like LIDO, without utilizing a bridge or testnet for these transactions. Watts further claimed that Blast network lacks a withdrawal function, meaning users have to trust that the developers will implement it in the future.
Watts highlighted another potential vulnerability within Blast network, specifically focusing on its “enableTransition” function. This feature allows any smart contract to be set as the “mainnetBridge”, enabling an attacker to steal users’ funds without even needing to upgrade the contract. While Watts did not believe that Blast network would lose its funds, he warned against sending funds to the network in its current state due to the perceived risks involved.
In response to the criticism, the Blast network team defended their protocol’s security measures. They argued that security is a nuanced concept and that no system can claim to be 100% secure. The team explained that upgradeable contracts, like the ones used in Blast network, actually provide a higher level of security compared to non-upgradeable contracts that may contain bugs. They also emphasized that the keys for the Safe account, used for contract upgrades, are stored in cold storage, managed by an independent party, and geographically separated – a precaution taken by other layer 2 solutions like Arbitrum, Optimism, and Polygon.
The criticisms faced by Blast network are not unique to the protocol. Other projects in the blockchain space have been subject to similar scrutiny. For example, the Stargate bridge and the Ankr protocol have both been criticized for their use of upgradeable contracts. These instances underscore the importance of ensuring robust security measures in blockchain projects and the potential risks associated with upgradeable contracts.
While the Blast network has achieved impressive growth in a short period, it has also attracted attention regarding its security. Critics argue that centralization and certain protocol functionalities present potential vulnerabilities. However, the Blast network team maintains that their security measures, which include upgradeable contracts and secure key storage, make the network as safe as other well-established layer 2 solutions. As the network continues to develop and release technical documents, it will be essential to monitor its progress and evaluate its security measures to ensure the protection of users’ funds.