Blast Network, a newly launched Web3 protocol, secured over $400 million in total value locked (TVL) within four days of its debut, according to DeBank, a blockchain analytics platform. However, in a Nov. 23 social media post, Polygon Labs developer relations engineer Jarrod Watts expressed concern over the network's security, citing substantial risks due to centralization.
In response to Watts' criticisms, the Blast team defended the network through their X (formerly Twitter) account. They asserted that the network is as decentralized as other Layer 2 solutions such as Optimism, Arbitrum, and Polygon. According to the marketing content on its official website, Blast Network is the sole Ethereum L2 protocol offering native yields on ETH and stablecoins. The site claims that user balances compound automatically and that stablecoins are converted into "USDB," which compounds automatically via MakerDAO's T-Bill protocol. However, comprehensive technical documents describing how the protocol works have yet to be released; the team plans to unveil them during an airdrop scheduled for January.
Watts' concerns centered on Blast Network's security and centralization risks. He alleged that Blast operates on a 3/5 multisig system and warned that if malicious entities controlled three-fifths of the team's keys, they could abscond with the cryptocurrency stored in its contracts, potentially the entire $400 million in TVL. He also disputed Blast's classification as a Layer 2 protocol, claiming that it merely accepts user funds and invests them in protocols like Lido, and that it lacks a proper bridge or testnet for transactions. He highlighted the absence of a withdrawal function, asserting that users are reliant on the developers to implement this feature in the future.
Additionally, Watts identified vulnerabilities within Blast, including an "enableTransition" function that, if used, could allow an attacker to transfer a user's funds without needing to upgrade the contract. Although Watts doubted that funds would be lost immediately, he cautioned against investing in Blast in its current state because of these vulnerabilities. Blast responded that while its protocol uses upgradeable contracts, the keys to the Safe accounts are kept in cold storage by separate parties and distributed geographically, an arrangement it described as an effective means of safeguarding user funds and one used by other prominent Layer 2 solutions. The Blast team asserted that although non-upgradeable contracts might seem more secure, they might contain undiscovered bugs that, once identified, would render the contracts unusable.
Blast is not the only protocol to be criticized for having upgradeable contracts. Stargate Bridge and the Ankr protocol previously faced similar concerns over vulnerabilities and exploits related to their smart contracts, underlining broader concerns within the crypto space about the security and reliability of such systems.





















