Skip to content

Resonance weighs in on Blast third-party dependency and security issues

Resonance weighs in on Blast third-party dependency and security issues

Resonance, a comprehensive cybersecurity platform and software provider has weighed in on the security issues surrounding Blast, a highly anticipated Ethereum (ETH) Layer 2 solution.

The analysis, posted on Resonance’s Medium page, highlighted the potential vulnerabilities associated with Blast and emphasized the importance of robust security measures in ensuring the integrity of the ecosystem.

Blast funding and launch

Blast launched on February 29, 2024, promising an array of features, including points, airdrops, jackpots, native staking yields, and gas revenue sharing. 

Between its announcement in November 2023 and its subsequent launch, Blast accepted ETH deposits via a one-way bridge, offering native yield and Blast Points, which would ensure early adopters could participate in future airdrops.

Despite some criticism, Blast’s strategy proved effective. As of June 25, 2024, Blast’s Total Value Locked (TVL) stood at $3.16 billion, making it the fourth-largest Ethereum Virtual Machine (EVM) Layer 2.

Native yields for ETH and stablecoins

According to Resonance, Blast’s appeal lies chiefly in its native yield offering for ETH and stablecoins, which is based on auto-rebasing to enhance price stability and efficiency while mitigating market volatility.

For ETH, users can deposit onto Blast and receive liquid L2 tokens which are automatically staked into Lido staking pools, giving users a 4% interest rate. 

For stablecoins, users can bridge their stablecoins to Blast in exchange for USDB, Blast’s native stablecoin, generating yield through MakerDAO’s T-bill protocol at a 5% interest rate. 

In addition to yield generation, Blast promises users airdrop eligibility points based on their ETH/USDB balance and rewards dApps based on their TVL. 

Points and gold can also be earned through referrals.

Blast security concerns

As per the analysis provided by Resonance, Blast’s reliance on Lido and MakerDA, two 3rd-party DeFi protocols, introduces significant risks, one reason for this is that MakerDAO “has not published a security audit of their smart contracts in three years,” as mentioned in the report.

If Lido and MakerDAO yield protocols are compromised, associated user tokens would be at risk.

The lack of audits posed another issue, as almost 600 new vulnerabilities have been introduced to the NIST National Vulnerability Database since 2018.

Likewise, Blast’s LaunchBridge contract is not a roll-up bridge but a custodial contract protected by a 3/5 multi-signature address according to HTX Square. 

Jarrod Watts of Polygon Labs expressed additional concerns regarding multi-signature addresses, noting that their owners’ identities remain unknown. 

CryptoHopper also questioned the legitimacy of Blast’s claim of being a Layer 2, stating:

“Blast lacks the necessary validity proofs for an L2 state root and does not have an anti-fraud mechanism in place.”

The path forward

To mitigate security risks, Resonance claims, Blast must prioritize third-party integration security. 

Regular audits, bug bounty programs, and collaboration with proven partners to develop robust security standards are essential first steps, as are in-house security solutions (when possible).

Only by maintaining top-notch security standards and forging collaborative partnerships can Blast continue to build a secure and prosperous blockchain ecosystem.

Best Crypto Exchange for Intermediate Traders and Investors

  • Invest in cryptocurrencies and 3,000+ other assets including stocks and precious metals.

  • 0% commission on stocks - buy in bulk or just a fraction from as little as $10. Other fees apply. For more information, visit etoro.com/trading/fees.

  • Copy top-performing traders in real time, automatically.

  • eToro USA is registered with FINRA for securities trading.

30+ million Users
Securities trading offered by eToro USA Securities, Inc. (“the BD”), member of FINRA and SIPC. Cryptocurrency offered by eToro USA LLC (“the MSB”) (NMLS: 1769299) and is not FDIC or SIPC insured. Investing involves risk, and content is provided for educational purposes only, does not imply a recommendation, and is not a guarantee of future performance. Finbold.com is not an affiliate and may be compensated if you access certain products or services offered by the MSB and/or the BD

Read Next:

Finance Digest

By subscribing you agree with Finbold T&C’s & Privacy Policy

Related posts

Sign Up

or

By submitting my information, I agree to the Privacy Policy and Terms of Service.

Already have an account?

Services

IMPORTANT NOTICE

Finbold is a news and information website. This Site may contain sponsored content, advertisements, and third-party materials, for which Finbold expressly disclaims any liability.

RISK WARNING: Cryptocurrencies are high-risk investments and you should not expect to be protected if something goes wrong. Don’t invest unless you’re prepared to lose all the money you invest. (Click here to learn more about cryptocurrency risks.)

By accessing this Site, you acknowledge that you understand these risks and that Finbold bears no responsibility for any losses, damages, or consequences resulting from your use of the Site or reliance on its content. Click here to learn more.