Security concerns found in Ethereum L2 solution Blast: Resonance Security

Blast, the new Ethereum Layer 2 solution, has some security concerns, according to a research report by cybersecurity company Resonance Security. Blast has quickly gained traction in the crypto industry. It promises points, airdrops, jackpots, native staking yields, and gas revenue sharing. But Resonance says Blast should improve its security measures.

From its announcement to its launch, Blast accepted ETH deposits through a one-way bridge. This allowed users to accumulate native yield and Blast Points, promising early adopters entry into a future airdrop. 

Image: Alarming security flaws exposed in Ethereum L2 solution Blast. Source: L2Beat

Despite criticism from major financial backers like Paradigm, this strategy boosted Blast’s popularity. It attracted $600 million in its first week, reaching over $1 billion by January 2024. As of now, Blast’s total value locked (TVL) stands at $3.16 billion, making it the fourth-largest EVM L2.

Users can deposit ETH onto Blast in exchange for liquid L2 tokens. The deposited ETH is staked in Lido staking pools via Blast smart contracts, earning a 4% interest rate. 

For stablecoins, users bridge them to Blast for USDB, Blast’s official stablecoin, which generates yield through MakerDAO’s T-bill protocol with a 5% interest rate. USDB can be redeemed for DAI when bridged back to Ethereum.

Blast Gold is awarded to dApps built on the chain, rewarding them for using Blast-native features, and is distributed manually every 2-3 weeks or during jackpot events.

Blast inherits security concerns

According to Resonance, Blast’s reliance on third-party DeFi protocols like Lido and MakerDAO introduces potential risks. If any yield-generating pools or protocols on these platforms are compromised, the associated tokens of Blast users will also be affected. This dependence on Lido and MakerDAO’s security to protect users’ funds could lead to financial issues for Blast users.

Image: How Blast’s smart contract works. Source: L2Beat

Previously, HTX Square pointed out that Blast’s LaunchBridge contract (0x5f…a47d) is not a rollup bridge but a “custodial contract protected by a 3/5 multisig address.” Jarrod Watts of Polygon Labs also raised concerns about these multisig addresses, saying that they are newly created and their owners are unknown. 

Image: Source: Jarrod Watts

CryptoHopper questioned Blast’s claim of being an L2, stating, “Blast lacks the necessary validity proofs for an L2 state root and does not have an anti-fraud mechanism in place.” Resonance thinks Blast’s Risk Summary further corroborates these concerns.

Image: Source: L2Beat

Resonance also looked into Lido and MakerDAO’s security protocols. MakerDAO has not published a security audit of its smart contracts in three years, with some audits dating back five years.

This is concerning because smart contracts can be susceptible to newly discovered vulnerabilities and should be audited periodically. Resonance states that a quick query for smart contract CVEs in the NIST National Vulnerability Database returned 584 records published between 2018 and 2024. While specific contracts may not be susceptible to all these CVEs, they are likely susceptible to some.
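The NVD query Resonance describes is easy to reproduce, but the NVD CVE API 2.0 caps any publication-date range at 120 days, so a 2018-2024 search has to be split into windows. The script below is an added example, not Resonance’s code; it assumes the NVD 2.0 endpoint and parameter names, builds the windowed request URLs, and tallies results per year from a constructed sample response (placeholder CVE ids, not real records) so it runs offline.

```python
"""Count smart-contract CVE records by year, as in Resonance's NVD query.
Added example, not Resonance's code. Assumed: NVD CVE API 2.0 URL and
parameters; the sample response below is constructed, not real NVD data."""
import json
from datetime import date, timedelta
from urllib.parse import urlencode

NVD_API = "https://services.nvd.nist.gov/rest/json/cves/2.0"
MAX_WINDOW_DAYS = 120  # NVD rejects pubStartDate..pubEndDate ranges over 120 days


def date_windows(start, end, span=MAX_WINDOW_DAYS):
    """Split [start, end] into consecutive windows of at most `span` days."""
    windows = []
    cur = start
    while cur <= end:
        stop = min(cur + timedelta(days=span - 1), end)
        windows.append((cur, stop))
        cur = stop + timedelta(days=1)
    return windows


def query_urls(keyword, start, end):
    """One request URL per window; a real client still pages with startIndex."""
    urls = []
    for a, b in date_windows(start, end):
        params = {
            "keywordSearch": keyword,
            "pubStartDate": f"{a.isoformat()}T00:00:00.000",
            "pubEndDate": f"{b.isoformat()}T23:59:59.999",
        }
        urls.append(f"{NVD_API}?{urlencode(params)}")
    return urls


def count_by_year(response_json):
    """Tally CVE records per publication year from an NVD 2.0 response body."""
    counts = {}
    for item in response_json.get("vulnerabilities", []):
        year = item["cve"]["published"][:4]
        counts[year] = counts.get(year, 0) + 1
    return counts


# Constructed sample in NVD 2.0 response shape; the ids are placeholders.
SAMPLE_RESPONSE = json.loads("""{"totalResults": 3, "vulnerabilities": [
  {"cve": {"id": "CVE-2018-00000", "published": "2018-06-01T12:00:00.000"}},
  {"cve": {"id": "CVE-2018-00001", "published": "2018-11-02T12:00:00.000"}},
  {"cve": {"id": "CVE-2024-00000", "published": "2024-02-10T12:00:00.000"}}]}""")

if __name__ == "__main__":
    urls = query_urls("smart contract", date(2018, 1, 1), date(2024, 12, 31))
    print(len(urls), "requests needed;", count_by_year(SAMPLE_RESPONSE))
```

Paging (resultsPerPage/startIndex) and the NVD rate limit are left to the caller; the point here is that one request cannot cover the whole 2018-2024 span.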

Maintaining smart contract security requires a multi-faceted approach, including pre-deployment and periodic security audits and bug bounty programs.

“Regular communication and joint security testing can also help validate these standards and improve upon them over time.”

Resonance Security

Smaller projects need to be meticulous when choosing their third-party providers. Proactively vetting third-party options for strict security standards can save projects many headaches in the long run. If third-party options do not meet a project’s required standards, developing in-house solutions might be a safer alternative, as long as the project has the resources to do so.

This allows for complete control over security. Forming partnerships or alliances with other projects can help collectively advocate for better security practices with larger third-party providers. A united front will have more influence than individual efforts, said Resonance.


Jai Hamid