This summary text is fully AI-generated and may therefore contain errors or be incomplete.
Web3 protocol Blast network has gained over $400 million in total value locked (TVL) since its launch on November 20. However, there have been concerns raised about the security and decentralization of the network. Polygon Labs developer relations engineer, Jarrod Watts, claimed that Blast poses significant security risks due to centralization. He pointed out that Blast is just a 3/5 multisig, meaning that if an attacker gains control of three out of five team members’ keys, they can steal all the crypto deposited into its contracts. Watts also questioned Blast’s claim of being a layer-2 network, stating that it simply accepts funds from users and stakes them into protocols like LIDO without using a bridge or testnet. He also highlighted that Blast lacks a withdrawal function, requiring users to trust that the developers will implement it in the future. Watts further pointed out that Blast contains an “enableTransition” function that can be used to set any smart contract as the “mainnetBridge,” potentially allowing an attacker to steal users’ funds without upgrading the contract. Despite these concerns, Watts does not believe that Blast will lose its funds but advises caution in sending funds to the protocol in its current state. In response, the Blast team defended the security of their protocol, stating that security exists on a spectrum and that non-upgradeable contracts can also have bugs. They emphasized that the keys for the Safe account, which allows contract upgrades, are stored in cold storage and managed by an independent party. The team believes this is an effective means of safeguarding user funds and points out that other layer-2 networks like Arbitrum, Optimism, and Polygon also use this method. It is worth noting that Blast is not the only protocol to face criticism for having upgradeable contracts, as other projects like Stargate bridge and Ankr have faced similar concerns in the past.