Blast ecosystem explosive rise: security risks beneath $2 billion TVL


The Blast ecosystem is developing rapidly, but its security risks still call for vigilance.

Blast has recently attracted significant market attention as an emerging public chain project. With the conclusion of its "Big Bang" developer competition, Blast's total value locked (TVL) has grown explosively, exceeding the 2 billion dollar mark and securing an important position in the Layer 2 sector.

The Blast team announced that the mainnet will be launched on February 29, which has further sparked discussions in the market. Many participants are looking forward to potential airdrop opportunities. However, with the rapid development of the ecosystem and the emergence of various projects, potential security risks have also arisen. This article will analyze the security risks and development opportunities of Blast from a technical perspective.

Blast Development History

Blast officially launched on November 21, 2023, quickly attracting widespread attention from the crypto community. Within just 48 hours of its launch, its total value locked surpassed $570 million, with over 50,000 users participating.

Last year, Blast received support through multiple rounds of financing. This included a $20 million investment from a well-known investment firm, as well as a $5 million investment from a Japanese cryptocurrency investment company.

As of February 25, a certain data platform shows that the total value of assets currently held by the Blast contract address has exceeded 2 billion dollars. Among them, approximately 1.8 billion dollars of ETH has been deposited into a certain staking protocol, and over 160 million dollars of DAI has been deposited into another lending protocol. This data fully reflects the popularity of Blast in the market.

The mainnet launch of Blast is imminent, analyzing the security risks and potential opportunities from a technical perspective

Unique Advantages of Blast

The standout feature of Blast is its ability to provide native yield for ETH and stablecoins, which is not available in other Layer 2 solutions. When users transfer ETH to other Layer 2s, they typically only lock their ETH in a smart contract and map the corresponding Layer 2 ETH. In contrast, Blast deposits users' ETH into a staking protocol to earn interest, while also introducing a new interest-bearing stablecoin USDB (which generates yield through the purchase of U.S. Treasury bonds) to the Blast network.

In addition, as a Layer 2 project launched by the team of a well-known NFT trading platform, Blast naturally possesses a traffic advantage. This team has previously distributed over $200 million in airdrops to platform users, accumulating a broad community base. By combining the current airdrop incentive program of Blast with marketing strategies that attract users to participate in staking through traffic fission.


Security Risks Faced by Blast

Despite the rapid development of Blast, it has also faced numerous doubts and criticisms since its launch. On November 23, 2023, a developer relations engineer from a well-known public blockchain pointed out that the level of centralization of Blast could pose serious security risks to users. At the same time, he questioned the legitimacy of Blast classifying itself as a Layer 2 (L2) network, arguing that it does not meet the standard definition of L2 and lacks key functions such as transactions, cross-chain bridges, Rollup, or sending transaction data to Ethereum.

To gain a deeper understanding of the security of Blast, we conducted a detailed analysis of its Deposit contract code. The main findings highlighted the following risk points:

1. Centralization Risk

The most critical enableTransition function in the Blast Deposit contract is only callable by the contract administrator. This function takes the mainnetBridge contract address as a parameter, and the mainnetBridge contract can access all staked ETH and DAI.

In addition, the Blast Deposit contract can be upgraded at any time through the upgradeTo function. While this is primarily used to fix potential vulnerabilities, there is also the possibility of abuse. In contrast, a well-known Layer 2 project takes a more cautious approach to contract upgrades, requiring a 10-day delay for modifications under non-emergency circumstances, and decisions must be made by a protocol council composed of multiple members.
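The difference between an instant admin-only hand-over and a delayed one, as an added sketch that is not Blast's Deposit contract or any project's own code: only enableTransition and mainnetBridge are names from the article, the rest (contract names, queueTransition, the ETH transfer standing in for "the bridge can access all funds") is hypothetical. The same reasoning applies to an upgradeTo call with no delay.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Added illustration, NOT Blast's Deposit contract. Only enableTransition and
// mainnetBridge are names from the article; everything else is hypothetical.

/// Pattern described above: one admin call gives any address custody at once.
contract InstantTransitionVault {
    address public immutable admin; // e.g. a 3-of-5 multisig
    address public mainnetBridge;

    constructor(address admin_) { admin = admin_; }
    receive() external payable {}

    function enableTransition(address bridge) external {
        require(msg.sender == admin, "not admin");
        mainnetBridge = bridge;
        // Simplification: "bridge can access all funds" modelled as a transfer.
        (bool ok, ) = bridge.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}

/// Same hand-over behind a delay: the target is announced on-chain first.
contract TimelockedTransitionVault {
    uint256 public constant DELAY = 10 days; // the delay the article cites
    address public immutable admin;
    address public mainnetBridge;
    address public pendingBridge;
    uint256 public eta; // earliest activation time, 0 = nothing queued

    event TransitionQueued(address indexed bridge, uint256 activeAt);

    constructor(address admin_) { admin = admin_; }
    receive() external payable {}

    modifier onlyAdmin() { require(msg.sender == admin, "not admin"); _; }

    function queueTransition(address bridge) external onlyAdmin {
        require(bridge != address(0), "zero bridge");
        pendingBridge = bridge;
        eta = block.timestamp + DELAY;
        emit TransitionQueued(bridge, eta);
    }

    function enableTransition() external onlyAdmin {
        require(eta != 0 && block.timestamp >= eta, "timelock active");
        mainnetBridge = pendingBridge;
        delete pendingBridge; // clear the queue before the external call
        delete eta;
        (bool ok, ) = mainnetBridge.call{value: address(this).balance}("");
        require(ok, "transfer failed");
    }
}
```

A delay only protects depositors if they can withdraw while a transition is queued and someone is monitoring for the TransitionQueued event.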


2. Multi-signature Dispute

Upon investigation, the permissions of the Blast Deposit contract are controlled by a 3/5 multi-signature wallet. These 5 signature addresses are all newly created accounts from 3 months ago, and their identity information has not been disclosed. Since the entire contract is essentially a custodial contract protected by a multi-signature wallet, rather than a standard Rollup cross-chain bridge, it has raised concerns among the community and developers.

The Blast team acknowledged the existence of these security risks and stated that while immutable smart contracts are generally considered safer, they may conceal undiscovered vulnerabilities. Upgradable smart contracts also bring their own risks, such as contract upgrades and potential exploitative time locks. To mitigate these risks, Blast indicated that it will use multiple hardware wallets for management to avoid centralization risks.

However, the Blast team has not provided a clear answer to whether wallet management can effectively avoid the risks of centralization and phishing attacks, and whether there are sound management processes in place. It is worth noting that there have been multiple security incidents in the past where users lost assets due to improper private key management, even when the project used multi-signature wallets or MPC wallet technology.

On February 19, the Blast team carried out an update to the Deposit contract, primarily adding the Predeploys contract and introducing the IERC20Permit interface in preparation for the mainnet launch.


Security Challenges Facing the Blast Ecosystem

On February 25, an anti-money laundering analysis platform detected a suspected RugPull incident in a GambleFi project within the Blast ecosystem, resulting in a loss of approximately 500 ETH. The project's official social media account is currently inaccessible.

Multiple investors openly shared their experiences of losses. They stated that they initially regarded the project as a promising investment opportunity, mainly due to endorsements from reputable projects and partners within the Blast ecosystem. However, the subsequent public fundraising phase turned into an unlimited round of financing, which raised their doubts about the project.

A certain on-chain analysis tool shows that most of the stolen funds from the GambleFi project have been transferred to different trading platforms, and a small amount of funds has been cross-chain transferred to other public chains.


In summary, although Blast shows strong development momentum, the security challenges it faces cannot be ignored. Investors need to remain vigilant when participating in related projects and comprehensively assess potential risks.

TestnetNomadvip
· 07-17 15:36
Is it another sucker harvesting machine?
OnchainSnipervip
· 07-17 13:18
Isn't making money great?
TokenEconomistvip
· 07-16 03:54
classic ponzi metrics tbh... high tvl doesn't equal safety
MetaverseVagabondvip
· 07-16 03:48
This deal is too ridiculous.
StealthMoonvip
· 07-16 03:31
Wow, two billion! That's really impressive!
BlockchainFoodievip
· 07-16 03:30
smh this contract is like an overcooked steak... all that tvl but where's the proof-of-seasoning?