Web 3.0 Protocol Blast Network TVL Increase
Data from blockchain analytics platform DeBank shows that the Web 3.0 protocol Blast network has gained more than $400 million in total value locked (TVL) in the four days since its launch. However, Jarrod Watts, a developer relations engineer at Polygon Labs, raised security concerns in a Nov. 23 social media thread, citing centralization as a potential issue.
The Blast team responded to the criticism on their own X (formerly Twitter) account, without directly addressing Watts’ assertions. In their own thread, they stated that Blast is as decentralized as other Layer 2s, such as Optimism, Arbitrum and Polygon.
The official website for Blast network claims that it is the only Ethereum Layer 2 with native yield for ETH and stablecoins, and that users’ balances can be auto-compounded. Stablecoins sent to the network are converted into USDB, a stablecoin that auto-compounds through MakerDAO’s T-Bill protocol. The Blast team has yet to publish technical documents explaining how the protocol works, but they are set to release them when the airdrop occurs in January.
Watts’ original post argued that Blast may be less secure or decentralized than users realize, as it is allegedly “just a 3/5 multisig.” This means that if an attacker obtains three out of five team members’ keys, they can steal all the crypto deposited into its contracts.
Web 3.0 Investing and Its Potential Risks
If you’re looking to invest in Web 3.0, you need to understand its potential risks. According to Watts, the Blast contracts can be upgraded via a Safe (formerly Gnosis Safe) multisignature wallet account. The Safe requires three out of five signatures to authorize any transaction, so if three of those private keys are compromised, the contracts can be upgraded to run any code the attacker wishes. This could potentially result in the entire $400 million TVL being transferred to the attacker’s own account.
Contrary to what the development team of Blast claims, Watts believes it is not a layer 2. Instead, it simply “accepts funds from users” and “stakes users’ funds into protocols like LIDO” with no actual bridge or testnet being used. Furthermore, it has no withdrawal function, which means users must trust that the developers will eventually implement it.
In addition, Blast has an “enableTransition” function that can be used to set any smart contract as the “mainnetBridge,” which could allow an attacker to steal users’ funds without needing to upgrade the contract. Despite these attack vectors, Watts claimed he did not believe Blast would lose its funds. He stated, “Personally, if I had to guess, I don’t think the funds will be stolen.” Nevertheless, he warned that “I personally think it’s risky to send Blast funds in its current state.”
Therefore, before investing in Web 3.0, it is important to understand the potential risks involved. To learn more about Web 3.0, how it works, and how to create a website using it, you should do your own research.
Investing in Web 3.0
The Blast team stated in a thread from its X account that its protocol is as secure as other layer-2s. They argued that security is a spectrum and that a non-upgradeable contract is not necessarily more secure than an upgradeable one. To protect user funds, they use upgradeable contracts with keys stored in cold storage, managed by an independent third party.
Similar criticisms have been made of other protocols: Summa founder James Prestwich raised them about the Stargate bridge, and they have also been raised about the Ankr protocol. In the latter case, an employee with access to the deployer key was able to upgrade the smart contract, creating 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) out of thin air.
For those looking to learn more about Web 3.0 and how to invest in it, the Blast team recommends being aware of the nuances of security and how it is managed. Upgradeable contracts can be highly effective in safeguarding user funds, which is why protocols like Arbitrum, Optimism, and Polygon also use them.