The Ethereum-based DeFi protocol Blast has addressed security concerns in the crypto world by locking assets worth around $350 million, including ETH, USDT, and DAI, to ensure safety. The platform, which lets users earn profits by depositing their assets in Lido, has grown rapidly. However, this growth has been overshadowed by urgent security issues due to the need for fundamental features such as testing environments, transactions, bridging, aggregation, or direct data transfer on Ethereum.
Critics, including Jarod Watts from Polygon Developer Relations, pointed out vulnerabilities in Blast’s code. In particular, the protocol allows unlimited withdrawals of the total deposited funds, which creates a risk that locked assets are mismanaged or misused. Watts emphasized that investors are trusting the honesty of a small group to protect their funds, and he highlighted the absence of standard Layer 2 features.
This situation highlights the need for greater transparency and regulation in the developing DeFi sector. The “enableTransaction” feature in Blast’s code allows significant withdrawals, with no withdrawal limits, by any Externally Owned Account (EOA) wallet. This feature puts users’ assets at risk and invites regulatory scrutiny by underlining the need for increased control in the crypto world.
In response to security concerns, Blast outlined its security model through its official X account (formerly known as Twitter). The protocol stated that its model covers smart contract, browser, and physical security. Blast emphasized the importance of upgradable smart contracts, which provide protection against potential security vulnerabilities and hack attacks, particularly in complex agreements, while acknowledging the risks associated with immutable smart contracts, which are generally considered more secure.
Blast also highlighted its use of multisig security, which other Layer 2 solutions such as Arbitrum, Optimism, and Polygon also use. The protocol claims that each signing key in its multisig setup is independently secured, stored in a cold wallet, managed by an independent party, and geographically distributed. This approach aims to enhance the protocol’s resistance to various security threats.
To increase security, Blast plans to transfer one of its multisig wallets to a different hardware wallet provider within a week. This move aims to prevent dependence on a single hardware wallet type and to reduce the risk of funds being compromised by a hardware-specific vulnerability. While Blast’s responses to the allegations raised some concerns, the crypto community remains skeptical of the protocol. Critics compare trust in multisig setups that lack time locks or full transparency unfavorably with traditional financial systems.
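
The time-lock criticism above, as an added Python model (not Blast's contract code and not from the original article): the signer names, the 3-of-5 threshold and the seven-day delay are constructed assumptions. It shows that a multisig with enough approvals and no delay executes a privileged action immediately, while a delay leaves depositors a window to react.

```python
from dataclasses import dataclass, field

@dataclass
class TimelockedMultisig:
    """Toy model: M-of-N approval plus a mandatory delay before execution."""
    signers: frozenset
    threshold: int
    delay: int  # seconds between queueing and earliest execution; 0 = no time lock
    queue: dict = field(default_factory=dict)  # action id -> eta and approvals

    def _check_signer(self, signer):
        if signer not in self.signers:
            raise PermissionError("unknown signer")

    def propose(self, action_id, signer, now):
        self._check_signer(signer)
        if action_id in self.queue:
            raise ValueError("already queued")
        self.queue[action_id] = {"eta": now + self.delay, "approvals": {signer}}
        return self.queue[action_id]["eta"]

    def approve(self, action_id, signer):
        self._check_signer(signer)
        self.queue[action_id]["approvals"].add(signer)

    def execute(self, action_id, now):
        entry = self.queue[action_id]
        if len(entry["approvals"]) < self.threshold:
            raise PermissionError("not enough approvals")
        if now < entry["eta"]:
            raise PermissionError("time lock not expired")
        del self.queue[action_id]
        return True

def exit_window(wallet, action_id, now):
    """Seconds depositors have to react to a queued action (0 without a time lock)."""
    return max(0, wallet.queue[action_id]["eta"] - now)

def demo():
    signers = frozenset({"s1", "s2", "s3", "s4", "s5"})  # constructed signer names
    results = {}
    for label, delay in (("no_timelock", 0), ("timelock", 7 * 24 * 3600)):
        w = TimelockedMultisig(signers, threshold=3, delay=delay)
        w.propose("upgrade-1", "s1", now=1000)  # constructed action id
        w.approve("upgrade-1", "s2")
        w.approve("upgrade-1", "s3")
        window = exit_window(w, "upgrade-1", now=1000)
        try:
            executed = w.execute("upgrade-1", now=1000)
        except PermissionError:
            executed = False  # blocked until the delay has elapsed
        results[label] = (window, executed)
    return results
```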