The recently launched Web3 protocol, Blast Network, has reached a Total Value Locked (TVL) of over $400 million within four days of its inception, according to data from DeBank. Despite this milestone, the platform faced criticism from Polygon Labs developer relations engineer, Jarrod Watts, who raised concerns about potential security risks and centralization.
Watts, in a social media thread on November 23, expressed apprehension about Blast Network’s security due to what he described as a significant level of centralization. Specifically, he asserted that the network operates with a 3/5 multisignature setup, implying that a malicious actor who gained control of three out of five team members’ keys could potentially seize all deposited crypto funds.
One of Watts’ primary points of contention was the Blast contracts’ ability to be upgraded through a Safe (formerly Gnosis Safe) multisignature wallet account, which requires three out of five signatures for authorization. According to Watts, this setup could pose a security risk if the private keys generating these signatures were compromised, as it could allow an attacker to upgrade the contracts and gain control over the funds.
Moreover, Watts argued that Blast Network lacks certain characteristics of a typical Layer 2 solution, claiming that it essentially accepts funds from users and stakes them into protocols like Lido without employing a bridge or testnet for these transactions. He also noted the absence of a withdrawal function, which requires users to trust the developers to implement it in the future.
Watts pointed out that Blast Network includes an “enableTransition” function, which can designate any smart contract as the “mainnetBridge.” He contended that this could expose users’ funds to potential exploitation by an attacker.
In response to these criticisms, the Blast Network team defended the protocol’s security, asserting that it is as decentralized as other Layer 2 solutions such as Arbitrum, Optimism, and Polygon. They argued that security exists on a spectrum and highlighted the nuanced nature of security considerations. The team acknowledged the use of upgradeable contracts but emphasized that the keys for the Safe account are stored in cold storage, managed by an independent party and geographically separated, providing effective protection for user funds.
Despite the concerns raised, Blast Network’s rapid accumulation of $400 million in TVL indicates a strong early adoption and interest in the protocol within the decentralized finance (DeFi) space. The ongoing discussions around Blast Network’s security model may prompt the platform to provide additional documentation and transparency to address the community’s apprehensions.