Resonance, a comprehensive cybersecurity platform and software provider, has weighed in on the security issues surrounding Blast, a highly anticipated Ethereum (ETH) Layer 2 solution.
The analysis, posted on Resonance’s Medium page, highlighted the potential vulnerabilities associated with Blast and emphasized the importance of robust security measures in ensuring the integrity of the ecosystem.
Blast funding and launch
Blast launched on February 29, 2024, promising an array of features, including points, airdrops, jackpots, native staking yields, and gas revenue sharing.
Between its announcement in November 2023 and its subsequent launch, Blast accepted ETH deposits via a one-way bridge, offering native yield and Blast Points, which would ensure early adopters could participate in future airdrops.
Despite some criticism, Blast’s strategy proved effective. As of June 25, 2024, Blast’s Total Value Locked (TVL) stood at $3.16 billion, making it the fourth-largest Ethereum Virtual Machine (EVM) Layer 2.
Native yields for ETH and stablecoins
According to Resonance, Blast’s appeal lies chiefly in its native yield offering for ETH and stablecoins, which is based on auto-rebasing to enhance price stability and efficiency while mitigating market volatility.
For ETH, users can deposit onto Blast and receive liquid L2 tokens which are automatically staked into Lido staking pools, giving users a 4% interest rate.
For stablecoins, users can bridge their stablecoins to Blast in exchange for USDB, Blast’s native stablecoin, generating yield through MakerDAO’s T-bill protocol at a 5% interest rate.
In addition to yield generation, Blast promises users airdrop eligibility points based on their ETH/USDB balance and rewards dApps based on their TVL.
Points and gold can also be earned through referrals.
Blast security concerns
According to Resonance’s analysis, Blast’s reliance on Lido and MakerDAO, two third-party DeFi protocols, introduces significant risks. One reason is that MakerDAO “has not published a security audit of their smart contracts in three years,” as mentioned in the report.
If Lido and MakerDAO yield protocols are compromised, associated user tokens would be at risk.
The lack of audits posed another issue, as almost 600 new vulnerabilities have been introduced to the NIST National Vulnerability Database since 2018.
Likewise, according to HTX Square, Blast’s LaunchBridge contract is not a roll-up bridge but a custodial contract protected by a 3/5 multi-signature address.
Jarrod Watts of Polygon Labs expressed additional concerns regarding multi-signature addresses, noting that their owners’ identities remain unknown.
CryptoHopper also questioned the legitimacy of Blast’s claim of being a Layer 2, stating:
“Blast lacks the necessary validity proofs for an L2 state root and does not have an anti-fraud mechanism in place.”
The path forward
To mitigate security risks, Resonance claims, Blast must prioritize third-party integration security.
Regular audits, bug bounty programs, and collaboration with proven partners to develop robust security standards are essential first steps, as are in-house security solutions (when possible).
Only by maintaining top-notch security standards and forging collaborative partnerships can Blast continue to build a secure and prosperous blockchain ecosystem.