Ethereum-based L2 (Layer 2) protocol Blast has recently been making headlines for the massive inflow of funds into the Dapp, even amid transparency concerns. The Dapp has enjoyed quick success, amassing over $356 million in TVL (total value locked) as of this writing.
Transparency and Security Concerns Abound As Investments Pour In
Blast, a layer 2 DeFi protocol, has attracted investments worth over $356 million barely a few days after its launch. The DeFi protocol, running on the Ethereum network, gained massive traction as investors bridged over $30 million in Ether and stablecoins just a few hours after going live earlier this week.
Founded by Tieshun Roquerre, alias Pacman, who also founded the NFT marketplace Blur, the platform stands out as “the only Ethereum L2 with native yield for ETH and stablecoins.”
However, investors and prominent industry observers have not held back from voicing their reservations about the project, citing transparency and security concerns.
Jarrod Watts, developer relations engineer at Polygon Labs, voiced his concerns, stating that the protocol didn’t meet the requirements to be an L2.
“Blast is not an L2,” wrote Watts on X (formerly Twitter). “The Blast smart contract:
- Accepts funds from users.
- Stakes users’ funds into protocols like LIDO.
There’s no testnet, no transactions, no bridge, no rollup, and no sending of transaction data to Ethereum. It’s not an L2.”
Watts has been vocal about loopholes in Blast’s code that could hypothetically allow investors’ funds to be stolen: first by creating “an extremely simple smart contract” and setting it as the mainnetBridge contract, then by having the smart contract “receive ALL of the staked ETH and DAI (over $200 million).”
Although he doesn’t think the funds will realistically be stolen, he thinks it is too much of a risk to send funds to Blast in their “current state.”
“So while I personally think it’s risky to send Blast funds in its current state, ultimately it’s your decision and I’m just here to share what I learned,” added Watts on X.
Crypto and startup attorney Orlando Cosme also weighed in on Blast’s situation.
“Blast is proving regulators’ point. An onchain hedge fund controlled by a 3/5 anon multisig isn’t defi. It’s ‘trust me bro,’” wrote Cosme on X.
“And centuries of ‘trust me bro’ is why financial regs exist. Crypto’s value add—and why crypto needs diff regs—is trust reduction. We can do better.”
What Could Blast’s 3/5 Multisig Potentially Mean for Investors?
Blast’s 3/5 multisig means that the protocol’s Safe contract, which owns the Blast deposit contracts, has 5 signers in its setup. However, only a majority, i.e. 3 of the 5 signers, is needed to execute transactions on behalf of the Safe contract.
The 3/5 multisig is now the owner of the Blast Deposit contract, which consists of a proxy contract and an implementation contract. The proxy contract includes functions such as “_upgradeTo,” which makes it possible for the “implementation contract’s logic to change,” according to Watts’s tweet on X.
The worst case scenario of this upgradability, according to Watts, is that “the owner (the multi-sig) changes the logic of the contract to something malicious.”
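One way a depositor or monitoring team could watch for the kind of upgrade Watts describes, as an added example that is not from the article or from Blast: it scans event logs for the ERC-1967 `Upgraded(address)` event that OpenZeppelin-style `_upgradeTo` functions emit (assumed here to apply to this proxy) and flags any new implementation that is not on a reviewed list. The addresses, transaction hashes and log entries are constructed placeholders.

```python
# Added example, not Blast's code. Assumes the proxy emits the ERC-1967
# `Upgraded(address indexed implementation)` event when _upgradeTo runs.
# Every address, hash and log entry below is a constructed placeholder.

# keccak256("Upgraded(address)"): topic0 of the ERC-1967 upgrade event.
UPGRADED_TOPIC = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"
WATCHED_PROXY = "0x" + "aa" * 20        # placeholder proxy address
REVIEWED_IMPLS = {"0x" + "11" * 20}     # implementations already reviewed

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20."""
    raw = topic.lower()
    raw = raw[2:] if raw.startswith("0x") else raw
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError("topic is not a zero-padded address")
    return "0x" + raw[24:]

def find_upgrades(logs, proxy=WATCHED_PROXY, reviewed=REVIEWED_IMPLS):
    """Return one alert per Upgraded event emitted by the watched proxy."""
    alerts = []
    for log in logs:
        topics = log.get("topics", [])
        if log["address"].lower() != proxy or len(topics) < 2:
            continue
        if topics[0].lower() != UPGRADED_TOPIC:
            continue
        impl = topic_to_address(topics[1])
        alerts.append({"block": int(log["blockNumber"], 16),
                       "tx": log["transactionHash"],
                       "implementation": impl,
                       "reviewed": impl in reviewed})
    return alerts

def _log(addr, topic0, impl_byte, block, tx_byte):
    """Build a constructed log entry in eth_getLogs result shape."""
    return {"address": addr, "blockNumber": hex(block),
            "transactionHash": "0x" + tx_byte * 32,
            "topics": [topic0, "0x" + "00" * 12 + impl_byte * 20]}

SAMPLE_LOGS = [
    _log(WATCHED_PROXY, UPGRADED_TOPIC, "11", 16, "01"),     # reviewed upgrade
    _log(WATCHED_PROXY, "0x" + "cd" * 32, "33", 20, "02"),   # unrelated event
    _log("0x" + "bb" * 20, UPGRADED_TOPIC, "44", 24, "03"),  # other contract
    _log(WATCHED_PROXY, UPGRADED_TOPIC, "22", 32, "04"),     # unreviewed upgrade
]

if __name__ == "__main__":
    for alert in find_upgrades(SAMPLE_LOGS):
        print(alert)
```

An alert with `reviewed` set to false is the case that matters: the proxy now points at logic nobody on the monitoring side has examined.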
Although Blast has yet to release an official statement addressing these security concerns, its community keeps growing massively, with over 37k community members as of the last 24 hours.