Blast network Web3 protocolThere is a total of locked up money. (TVL) more than $400 million in four days since launch According to data from blockchain analytics platform DeBank
But in a social media thread on November 23, Polygon Labs development engineer Jarrod Watts claimed that the new network poses a significant security risk due to centralization.
The Blast team responded to the criticism on its own X (formerly Twitter) account, but did not directly reference Watts’ thread, claiming that the network is as decentralized as other Layer 2s, including Optimism, Arbitrum, and Polygon.
Blast network claims to be “the only Ethereum L2 that offers native returns for ETH and stablecoins,” according to information from its official website. The website also states that Blast allows users’ balances to be “auto-compounded” and the sent stablecoin will be converted to “USDB” which is a stablecoin that auto-compounds through MakerDAO’s T-Bill protocol.
The Blast team has not yet published a technical document explaining how the protocol works. But it says it will be released when the airdrop happens in January.
Blast launched on November 20. Over the past 4 days, the protocol’s TVL has increased from zero to more than $400 million.
Watts’ original post said Blast may be less secure or decentralized than users realize, withclaimthat Blast “only has a 3/5 multisig” if the attacker has control of the keys of three of the five team members They were able to steal all the crypto deposited in the contract.
According to Watts, Blast contracts can be upgraded through accounts. Safe’s (formerly Gnosis Safe) multi-signature signature requires three out of five signatures to authorize any transaction. But if the private keys that generate these signatures are compromised, the contract can be upgraded to create code that attackers need. want to get This means that the attackers were able to transfer the entire TVL $400 million to their own account.
Watts also claims that Blast “is not L2 or Layer 2,” despite the development team claiming it is. But Blast, on the other hand, only “recipients funds from users” and “commits user funds to protocols like LIDO,” without using an actual bridge or testnet to conduct these transactions. There is also no withdrawal function. To be able to withdraw in the future This makes users trust that developers will implement withdrawal functionality in the future.
Watts also claims that Blast has an “enableTransition” function that can be used to set smart contracts to “mainnetBridge,” which means attackers can steal all of a user’s funds without needing to upgrade the contract.
Team Blast confirmthat the protocol is as secure as any other Layer 2, with keys for Safe accounts “residing in independently managed cold storage and separated geographically” which, in the view of the team This is how It is “highly effective” in protecting user funds, and L2s such as Arbitrum, Optimism, Polygon also use this method.
refer : cointelegraph.com
picture cryptonews.com