{"id":598843,"date":"2023-11-25T00:36:59","date_gmt":"2023-11-24T21:36:59","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/blast-network-hits-400m-tvl-rebuts-claim-that-its-too-centralized\/"},"modified":"2023-11-25T00:36:59","modified_gmt":"2023-11-24T21:36:59","slug":"blast-network-hits-400m-tvl-rebuts-claim-that-its-too-centralized","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/blast-network-hits-400m-tvl-rebuts-claim-that-its-too-centralized\/","title":{"rendered":"# Blast network hits $400M TVL, rebuts claim that it\u2019s too centralized"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=840\/https:\/\/s3.cointelegraph.com\/uploads\/2023-11\/5d4efd48-ea1e-4136-955f-a6368737c5f0.jpg\" \/><\/p>\n<p itemprop=\"description\" class=\"post__lead\" data-v-8081b7b6> The Blast team responded to claims that its multisignature upgrade functionality makes it too centralized. <\/p>\n<p><\/p>\n<div class=\"post-content\" data-v-8081b7b6>Web3 protocol Blast network has <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/debank.com\/profile\/0x5f6ae08b8aeb7078cf2f96afb089d7c9f51da47d\">gained<\/a> over $400 million in total value locked (TVL) in the four days since it was launched, according to data from blockchain analytics platform DeBank. But in a Nov. 23 <a href=\"https:\/\/buradabiliyorum.com\/en\/category\/social-mediaa\/\" data-internallinksmanager029f6b8e52c=\"1\" title=\"Social Media\" target=\"_blank\" rel=\"noopener\">social media<\/a> thread, Polygon Labs developer relations engineer Jarrod Watts claimed that the new network poses significant security risks due to centralization.<\/p>\n<p>The Blast team responded to the criticism from its own X (formerly Twitter) account, but without directly referring to Watts\u2019 thread. 
In its own thread, Blast claimed that the network is as decentralized as other layer 2s, including Optimism, Arbitrum and Polygon.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">On multisig security.<\/p>\n<p>Read this thread to understand the security model of Blast along with other L2s like Arbitrum, Optimism, and Polygon.<\/p>\n<p>\u2014 Blast (@Blast_L2) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Blast_L2\/status\/1728096087351914736?ref_src=twsrc%5Etfw\">November 24, 2023<\/a><\/p><\/blockquote>\n<p>Blast network claims to be \u201cthe only Ethereum L2 with native yield for ETH and stablecoins,\u201d according to marketing material from its official website. The website also states that Blast allows a user\u2019s balance to be \u201cauto-compounded\u201d and that stablecoins sent to it are converted into \u201cUSDB,\u201d a stablecoin that auto-compounds through MakerDAO\u2019s T-Bill protocol. 
The Blast team has not released technical documents explaining how the protocol works, but it says they will be published when the airdrop occurs in January.<\/p>\n<p>Watts\u2019 original post said Blast may be less secure or decentralized than users realize, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/jarrodWattsDev\/status\/1727584394796323042\">claiming<\/a> that Blast \u201cis just a 3\/5 multisig.\u201d If an attacker gets control of three out of five team members\u2019 keys, they can steal all of the crypto deposited into its contracts, he alleged.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">&#8220;Blast is just a 3\/5 multisig&#8230;&#8221;<\/p>\n<p>I spent the past few days diving into the source code to see if this statement is actually true.<\/p>\n<p>Here&#8217;s everything I learned:<\/p>\n<p>\u2014 Jarrod Watts (@jarrodWattsDev) <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/jarrodWattsDev\/status\/1727584394796323042?ref_src=twsrc%5Etfw\">November 23, 2023<\/a><\/p><\/blockquote>\n<p>According to Watts, the Blast contracts can be upgraded via a Safe (formerly Gnosis Safe) multisignature wallet account. The account requires three out of five signatures to authorize any transaction. But if the private keys that produce these signatures become compromised, the contracts can be upgraded to contain any code the attacker wishes. This means an attacker who pulls this off could transfer the entire $400 million TVL to their own account.<\/p>\n<p>In addition, Watts claimed that Blast \u201cis not a layer 2,\u201d despite its development team claiming so. Instead, he said Blast simply \u201caccepts funds from users\u201d and \u201cstakes users\u2019 funds into protocols like LIDO\u201d with no actual bridge or testnet being used to perform these transactions. 
Furthermore, it has no withdrawal function. To withdraw, users must trust that the developers will implement the withdrawal function at some point in the future, Watts claimed.<\/p>\n<p>Additionally, Watts claimed that Blast contains an \u201cenableTransition\u201d function that can be used to set any smart contract as the \u201cmainnetBridge,\u201d which means that an attacker could steal the entirety of users\u2019 funds without needing to upgrade the contract.<\/p>\n<p>Despite these attack vectors, Watts claimed he did not believe Blast would lose its funds. \u201cPersonally, if I had to guess, I don\u2019t think the funds will be stolen,\u201d he stated. But he also warned that \u201cI personally think it\u2019s risky to send Blast funds in its current state.\u201d<\/p>\n<p>In a thread from its own X account, the Blast team <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/Blast_L2\/status\/1728096087351914736\">stated<\/a> that its protocol is just as safe as other layer-2s. \u201cSecurity exists on a spectrum (nothing is 100% secure),\u201d the team claimed, \u201cand it\u2019s nuanced with many dimensions.\u201d It may seem that a non-upgradeable contract is more secure than an upgradeable one, but this view can be mistaken. If a contract is non-upgradeable but contains bugs, \u201cyou are dead in the water,\u201d the thread stated.<\/p>\n<p>The Blast team claims the protocol uses upgradeable contracts for this very reason. 
However, the keys for the Safe account are \u201cin cold storage, managed by an independent party, and geographically separated.\u201d In the team\u2019s view, this is a \u201chighly effective\u201d means of safeguarding user funds, which is \u201cwhy L2s like Arbitrum, Optimism [and] Polygon\u201d also use this method.<\/p>\n<p>Blast is not the only protocol that has been criticized for having upgradeable contracts. In January, Summa founder James Prestwich argued that the Stargate bridge had the same problem. In December 2022, the Ankr protocol was exploited when its smart contract was upgraded to allow 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) to be created out of thin air. In the case of Ankr, the upgrade was performed by a former employee who hacked into the developer\u2019s database to obtain its deployer key.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"http:\/\/cointelegraph.com\/news\/blast-network-hits-400-million-tvl-rebuts-centralization-claims\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Blast team responded to claims that its multisignature upgrade functionality makes it too centralized. Web3 protocol Blast network has gained over $400 million in total value locked (TVL) in the four days since it was launched, according to data from blockchain analytics platform DeBank. But in a Nov. 
23 social media thread, Polygon Labs&#8230;<\/p>\n","protected":false},"author":1,"featured_media":598844,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/images.cointelegraph.com\/cdn-cgi\/image\/format=auto,onerror=redirect,quality=90,width=1200\/https:\/\/s3.cointelegraph.com\/uploads\/2023-11\/5d4efd48-ea1e-4136-955f-a6368737c5f0.jpg","fifu_image_alt":"","footnotes":""},"categories":[1],"tags":[74868,74891,74882,95119,133582,70375,70944],"class_list":["post-598843","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-defi","tag-ethereum","tag-hacks","tag-layer2","tag-staking","tag-cybersecurity","tag-hackers"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/598843","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=598843"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/598843\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/598844"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=598843"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=598843"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=598843"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}