The Blast team has responded to claims that its multisignature upgrade functionality makes it too centralized. Polygon Labs developer relations engineer Jarrod Watts raised concerns about the security risks posed by Blast’s centralization. However, Blast defended itself by stating that it is as decentralized as other layer 2 solutions like Optimism, Arbitrum, and Polygon.
Watts argued that Blast is just a 3/5 multisig and that if an attacker gains control of three out of five team members’ keys, they can steal all the crypto deposited into its contracts. He also claimed that Blast is not a layer 2 and lacks a withdrawal function, relying on users’ trust in the developers to implement it in the future. Watts further highlighted potential attack vectors in Blast, including the ability to set any smart contract as the “mainnetBridge” and steal users’ funds.
Despite these concerns, Watts stated that he did not believe Blast would lose its funds but cautioned against sending funds to Blast in its current state. The Blast team responded by emphasizing that security exists on a spectrum and that non-upgradeable contracts can also contain bugs. They asserted that their upgradeable contract approach, with keys stored in cold storage managed by an independent party, is highly effective in safeguarding user funds.
In summary:
– The Blast network has gained over $400 million in TVL since its launch.
– A Polygon Labs developer raised concerns about Blast’s centralization and security risks.
– Blast defended itself, claiming to be as decentralized as other layer 2 solutions.
– Concerns were raised about Blast’s multisignature upgrade functionality and its lack of a withdrawal function.
– The Blast team argued that their approach is effective in safeguarding user funds.
– Similar criticisms have been raised against other protocols with upgradeable contracts.