The Blast team responded to claims that it’s multi-signature upgrade functionality makes it too centralized.
Web3 protocol Blast network has gained over $400 million in total value locked (TVL) in the four days since it was launched, according to data from blockchain analytics platform DeBank. But in a Nov. 23 social media thread, Polygon Labs developer relations engineer Jarrod Watts claimed that the new network poses significant security risks due to centralization.
The Blast team responded to the criticism from its own X (formerly Twitter) account, but without directly referring to Watts’ thread. In its own thread, Blast claimed that the network is as decentralized as other layer-2s, including Optimism, Arbitrum, and Polygon.
On multisig security.
— Blast (@Blast_L2) November 24, 2023
Read this thread to understand the security model of Blast along with other L2s like Arbitrum, Optimism, and Polygon.
Blast network claims to be “the only Ethereum L2 with native yield for ETH and stablecoins,” according to marketing material from its official website. The website also states that Blast allows a user’s balance to be “auto-compounded” and that stablecoins sent to it are converted into “USDB,” a stablecoin that auto-compounds through MakerDAO’s T-Bill protocol. The Blast team has not released technical documents explaining how the protocol works, but say they will be published when the airdrop occurs in January.
Blast was released on Nov. 20. In the intervening four days, the protocol's TVL has gone from zero to over $400 million.
Watts' original post says Blast may be less secure or decentralized than users realize, claiming that Blast “is just a 3/5 multisig.” If an attacker gets control of three out of five team members’ keys, they can steal all of the crypto deposited into its contracts, he alleged.
"Blast is just a 3/5 multisig..."
— Jarrod Watts (@jarrodWattsDev) November 23, 2023
I spent the past few days diving into the source code to see if this statement is actually true.
Here's everything I learned:
According to Watts, the Blast contracts can be upgraded via a Safe (formerly Gnosis Safe) multi-signature wallet account. The account requires three out of five signatures to authorize any transaction. But if the private keys that produce these signatures become compromised, the contracts can be upgraded to produce any code the attacker wishes. This means an attacker who pulls this off could transfer the entire $400 million TVL to their own account.
In addition, Watts claimed that Blast “is not a layer 2,” despite its development team claiming so. Instead, Blast simply “[a]ccepts funds from users” and “[s]takes users' funds into protocols like LIDO,'' with no actual bridge or testnet being used to perform these transactions. Furthermore, it has no withdrawal function. To be able to withdraw in the future, users must trust that the developers will implement the withdrawal function at some point in the future, Watts claimed.
Additionally, Watts claimed that Blast contains an “enableTransition” function that can be used to set any smart contract as the “mainnetBridge,” which means that an attacker could steal the entirety of users’ funds without needing to upgrade the contract.
Despite these attack vectors, Watts claimed that he does not believe Blast will lose its funds. “Personally, if I had to guess, I don't think the funds will be stolen” he stated, but also warned that “I personally think it's risky to send Blast funds in its current state.”
In a thread from its own X account, the Blast team stated that its protocol is just as safe as other layer-2s. “Security exists on a spectrum (nothing is 100% secure)” the team claimed, “and it's nuanced with many dimensions.” It may seem that a non-upgradeable contract is more secure that an upgradeable one, but this view can be mistaken. If a contract is non-upgradeable but contains bugs, “you are dead in the water,” the thread stated.
Related: Uniswap DAO debate shows devs still struggle to secure cross-chain bridges
The Blast team claims the protocol uses upgradeable contracts for this very reason. However, the keys for the Safe account are “in cold storage, managed by an independent party, and geographically separated.” In the team's view, this is a “highly effective” means of safeguarding user funds, which is “why L2s like Arbitrum, Optimism, Polygon” also use this method.
Blast is not the only protocol that has been criticized for having upgradeable contracts. In January, Summa founder James Prestwich argued that Stargate bridge had the same problem. In December, 2022, Ankr protocol was exploited when its smart contract was upgraded to allow 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) to be created out of thin air. In the case of Ankr, the upgrade was performed by a former employee who hacked into the developer’s database to obtain its deployer key.