Key Takeaways
Since Blast enabled deposits on Monday, November 21, users have transferred stablecoins and ETH worth over $400M to the platform in just 3 days.
An Ethereum Layer 2 designed to maximize staking yields, Blast is backed by the NFT marketplace Blur, alongside venture capital investors Paradigm and Standard Crypto. But although its high-profile supporters have helped the new platform attract users, the multi-signature Gnosis Safe that holds deposits has cybersecurity hawks concerned.
Blast’s deposit mechanism is governed by Ethereum smart contracts developed by the Blur founder, known pseudonymously as Pacman.
As Polygon developer Jarrod Watts has pointed out, this means Pacman could potentially have access to all funds deposited on the platform.
In an X thread exploring the topic, Watts observed that the ownership of the contract has been transferred to a multi-signature Gnosis Safe contract, which requires 3 out of 5 signatories to execute a transaction.
This is a common strategy among Web3 developers who want to gain the trust of users while maintaining a contract’s upgradability. By dividing signatures among parties, the use of Gnosis Safe contracts helps to build trust, while still maintaining the possibility of updating applications at a later date, provided enough signatories cooperate.
But although the practice is fairly standard, Watts flagged one major concern with Blast’s Gnosis signatories: “all 5 of these are pretty fresh wallets, with unknown owners.”
For their part, Blast and Pacman have been suspiciously silent on the matter.
Unlike other L2s, which have dedicated security councils made up of independent members holding one Gnosis signature each, there is no publicly available information explaining who has the power to amend Blast’s smart contract.
Despite condemning its security failings, Watts’ ultimate conclusion was more muted: “Personally, if I had to guess, I don’t think the funds will be stolen.” Moreover, he acknowledged that the idea for native L2 yields was genuinely original.
In an X thread, Pacman explained that Blast was largely inspired by existing limitations that have constrained Blur.
For example, they said the new L2 will lower NFT gas fees and enable “institutional-grade” perpetual futures contracts based on NFT floor prices.
Pacman also noted that once users deposit crypto assets in Blur’s bidding pool, they can no longer be staked to generate rewards. “This means that Blur users are losing money through depreciation.”
Although Blast was designed to solve this problem for Blur, the project’s founder said it will also be useful for other decentralized apps that face similar issues.
When users deposit ETH, they receive equivalent rebasing L2 tokens in return, while a Blast smart contract automatically stakes their deposit via Lido liquid staking pools. Meanwhile, users who bridge stablecoins receive USDB, Blast’s auto-rebasing stablecoin, which generates yields via MakerDAO’s on-chain T-Bill protocol.
Driven by an influx of Blur users, the $400M total value locked (TVL) on Blast puts it on par with major L2s like Base and zkSync Era. Considering its comparatively simple architecture, some critics have argued that it doesn’t deserve to be called an L2. But whatever its technical merits, Blast’s impressive inflows demonstrate a clear demand for what it offers.
In the end, the project is in its infancy. At the moment, governance issues and a lack of transparency threaten to limit its potential. But when withdrawals open in 3 months’ time, Blast is expected to debut more advanced features. Hopefully, it will also rectify the current security concerns.