In a whirlwind four days since its launch, the Blast network has surged to over $400 million in total value locked (TVL), marking a remarkable start for the Web3 protocol. However, the project has found itself under scrutiny, with claims that its multi-signature upgrade functionality introduces significant centralization risks.
Polygon Labs developer relations engineer Jarrod Watts raised concerns in a Nov. 23 social media thread, questioning the security of Blast and suggesting potential vulnerabilities. The Blast team, responding from their official account, vehemently defended the protocol’s decentralization, comparing it to other layer 2 solutions like Optimism, Arbitrum, and Polygon.
Blast’s Decentralization Debate Unfolds
Watts, in his critical assessment, argued that Blast’s security might be compromised due to its reliance on a 3/5 multi-signature setup. He posited that if an attacker gains control of three out of five team members’ keys, they could exploit the contracts and siphon off the entire $400 million TVL.
Watts further highlighted the ability to upgrade Blast contracts through a Safe multi-signature wallet, stressing the potential risk if private keys were compromised. Despite the concerns, Watts expressed skepticism about an actual loss of funds but cautioned against sending funds to Blast in its current state.
Protocol Functionality and Risks
Adding fuel to the debate, Watts contended that Blast might not qualify as a true layer 2 solution, emphasizing its lack of a bridge or testnet for transactions. He claimed that Blast merely accepts funds from users and stakes them into protocols like LIDO without a withdrawal function. Watts raised an alarm about a specific function, “enableTransition,” which could potentially be exploited to divert users’ funds. The Blast team, in response, underscored the nuanced nature of security in blockchain protocols, defending their use of upgradeable contracts and emphasizing the effectiveness of their key management strategy.
As Blast rapidly climbs in TVL, the debate surrounding its security and decentralization underscores the ongoing challenges faced by emerging Web3 protocols. While critics like Watts point out potential vulnerabilities, the Blast team asserts that their approach to security, including cold storage and independent key management, mirrors practices employed by other established layer 2 solutions. As the protocol gears up for an airdrop in January, the community awaits technical documentation to provide a clearer understanding of Blast’s inner workings. The tension between innovation and security in the rapidly evolving Web3 landscape continues to shape the discourse around projects like Blast.