The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

php editor Xinyi recently discovered that the Blast mainnet is about to be launched, which has attracted widespread attention. However, the security risks that come with it have also attracted much attention, and it is necessary for us to conduct an in-depth analysis of its technical aspects. At the same time, potential opportunities cannot be ignored. Let us explore the challenges and opportunities in this emerging field.

Recently, Blast has once again become a hot topic in the market. With the end of its "Big Bang" developer competition, its TVL has continued to soar, exceeding 2 billion US dollars in one fell swoop and occupying the top spot on the Layer 2 track.

At the same time, Blast also announced that it will launch its mainnet on February 29, which keeps the public's attention on it. After all, the "airdrop expectation" has successfully drawn in most participants. However, as its ecosystem develops, projects are emerging one after another, and security incidents are becoming frequent as a result. Today Beosin will explain the security risks and potential opportunities behind Blast's strong start and the surge in TVL.

Blast development history

Blast is a new project launched by Blur founder Pacman on November 21, 2023, which quickly attracted extensive attention in the crypto community. Within just 48 hours of launch, the network reached a total value locked (TVL) of $570 million and attracted over 50,000 users.

Blast received US$20 million in financing from major backers such as Paradigm and Standard Crypto last year, followed by another US$5 million investment from Japanese cryptocurrency investment company CGV in November last year.

According to DeBank data, as of February 25, the total value of assets in the Blast contract address has exceeded US$2 billion, of which approximately US$1.8 billion of ETH is deposited in the Lido protocol and more than US$160 million of DAI is deposited in the MakerDAO protocol. This shows that Blast is extremely active in the market.

DeBank data

Blast is unique in providing native yields on ETH and stablecoins, a feature not found in other Layer 2 solutions. When users transfer ETH to other Layer 2 networks, those networks only lock the ETH in a smart contract and map the corresponding Layer 2 ETH. Blast instead deposits the user's ETH into Lido to earn interest, and introduces a new interest-bearing stablecoin, USDB, to the Blast network (the stablecoin earns its yield by purchasing U.S. Treasury bonds through MakerDAO).

As a Layer 2 launched by the Blur team, Blast has a unique traffic advantage. Blur has previously issued over $200 million in airdrops to users of its platform, so it has a large community base. At the same time, Blast attracts users to stake through airdrop rewards and uses a viral referral marketing strategy to bring in more users. This combination of traffic and airdrop incentives helps attract more participants and provides a stable user base for the development of Blast.

Blast Security Risks

Blast has been criticized and questioned since its launch. On November 23, 2023, Jarrod Watts, a developer relations engineer at Polygon Labs, tweeted that Blast’s centralization may pose serious security risks to users. At the same time, he also questioned Blast’s classification as a layer 2 (L2) network because Blast does not meet the L2 standard and lacks functions such as transactions, bridging, rollup, or sending transaction data to Ethereum.

How safe is Blast? What security risks exist? This time we used the BeosinVaaS tool to scan the Blast Deposit contract and combined it with the analysis of Beosin security experts to interpret the Blast Deposit contract code.

BeosinVaaS
The Blast Deposit contract is an upgradeable contract. Its proxy contract address is 0x5F6AE08B8AeB7078cf2F96AFb089D7c9f51DA47d. Its current logic contract address is 0x0bD88b59D580549285f0A207Db5F06bf24a8e561. The main risks are as follows:

1. Centralization risk

The most important function of the Blast Deposit contract, enableTransition, can only be called by the admin address of the contract. In addition, this function takes the mainnetBridge contract address as a parameter, and the mainnetBridge contract can access all pledged ETH and DAI.

    function enableTransition(address mainnetBridge) external onlyOwner {
        if (isTransitionEnabled) {
            revert TransitionIsEnabled();
        }

        // Pause the contract and record the bridge address.
        _pause();
        _setMainnetBridge(mainnetBridge);
        isTransitionEnabled = true;

        // Grant the bridge an unlimited allowance over the contract's LIDO and DAI balances.
        LIDO.approve(mainnetBridge, type(uint256).max);
        DAI.approve(mainnetBridge, type(uint256).max);
    }

code: https://etherscan.io/address/0x0bd88b59d580549285f0a207db5f06bf24a8e561#code#F1#L230

In addition, the Blast Deposit contract can be upgraded at any time through the upgradeTo function. This is mainly intended for fixing contract vulnerabilities, but it could also be used maliciously. By comparison, Polygon zkEVM currently handles contract upgrades relatively thoroughly: modifying the contract in non-emergency situations generally requires a 10-day delay, and contract modifications must be decided by the 13-member Protocol Council.

    function upgradeTo(address newImplementation) public virtual onlyProxy {
        _authorizeUpgrade(newImplementation);
        _upgradeToAndCallUUPS(newImplementation, new bytes(0), false);
    }

code: https://etherscan.io/address/0x0bd88b59d580549285f0a207db5f06bf24a8e561#code#F2#L78
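A defender-side way to watch for the two privileged actions described in this section, as an added example that is not part of the original article or of Blast's code: it scans eth_getLogs-style records for an Upgraded(address) event from the deposit proxy and for unlimited Approval events granted by it, which is what upgradeTo and enableTransition would emit, assuming the standard OpenZeppelin ERC-1967 and ERC-20 events. The token, bridge and new-implementation addresses in the sample logs are constructed placeholders.

```python
# Added example: scan eth_getLogs-style records for the two privileged actions above.
DEPOSIT_PROXY = "0x5F6AE08B8AeB7078cf2F96AFb089D7c9f51DA47d"  # proxy, from the article
KNOWN_IMPL = "0x0bD88b59D580549285f0A207Db5F06bf24a8e561"     # logic contract, from the article

# keccak256 topic hashes of the standard event signatures
TOPIC_UPGRADED = "0xbc7cd75a20ee27fd9adebab32041f755214dbc6bffa90cc0225b39da2e5c2d3b"  # Upgraded(address)
TOPIC_APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
UINT256_MAX = 2**256 - 1

def topic_to_address(topic):
    """An indexed address is left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def scan(logs, proxy=DEPOSIT_PROXY, known_impl=KNOWN_IMPL):
    """Return alerts for implementation changes and unlimited approvals by the proxy."""
    proxy, known_impl = proxy.lower(), known_impl.lower()
    alerts = []
    for log in logs:
        topics = [t.lower() for t in log["topics"]]
        emitter = log["address"].lower()
        if len(topics) == 2 and topics[0] == TOPIC_UPGRADED and emitter == proxy:
            impl = topic_to_address(topics[1])
            if impl != known_impl:  # upgradeTo pointed the proxy at new logic
                alerts.append(("implementation-changed", impl))
        elif len(topics) == 3 and topics[0] == TOPIC_APPROVAL:
            owner, spender = topic_to_address(topics[1]), topic_to_address(topics[2])
            # enableTransition approves type(uint256).max to mainnetBridge
            if owner == proxy and int(log["data"], 16) == UINT256_MAX:
                alerts.append(("unlimited-approval", emitter, spender))
    return alerts

def word(value):
    """Encode an address string or an integer as a 32-byte hex word."""
    n = int(value, 16) if isinstance(value, str) else value
    return "0x" + format(n, "064x")

# Constructed sample data: TOKEN, BRIDGE and NEW_IMPL are placeholders, not real contracts.
TOKEN, BRIDGE, NEW_IMPL = "0x" + "aa" * 20, "0x" + "bb" * 20, "0x" + "cc" * 20
SAMPLE_LOGS = [
    {"address": DEPOSIT_PROXY, "topics": [TOPIC_UPGRADED, word(KNOWN_IMPL)], "data": "0x"},
    {"address": DEPOSIT_PROXY, "topics": [TOPIC_UPGRADED, word(NEW_IMPL)], "data": "0x"},
    {"address": TOKEN, "topics": [TOPIC_APPROVAL, word(DEPOSIT_PROXY), word(BRIDGE)], "data": word(UINT256_MAX)},
    {"address": TOKEN, "topics": [TOPIC_APPROVAL, word(BRIDGE), word(DEPOSIT_PROXY)], "data": word(1000)},
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(alert)
```

An "unlimited-approval" alert means the named spender can move the proxy's entire balance of that token; an "implementation-changed" alert means the logic behind the proxy address is no longer the code that was reviewed.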

2. Multi-signature dispute

Looking at the Blast Deposit contract, we can see that the permissions of the contract are controlled by a Gnosis Safe 3/5 multi-signature wallet, 0x67CA7Ca75b69711cfd48B44eC3F64E469BaF608C. These 5 signature addresses are:

0x49d495DE356259458120bfd7bCB463CFb6D6c6BA

0xb7c719eB2649c1F03bFab68b0AAa35AD538a7cC8

0x1f97306039530ADB4173C

All 5 addresses are new addresses created 3 months ago, and their identities are unknown. Since the entire contract is actually an escrow contract protected by a multi-signature wallet and not a Rollup bridge, Blast has been questioned by many in the community and by developers.

Blast acknowledged this set of security risks and said that while immutable smart contracts are considered secure, they may hide undetected vulnerabilities. Upgradeable smart contracts also bring their own risks, such as contract upgrades and easily exploitable time locks. In order to mitigate these risks, Blast will use a variety of hardware wallets for management to avoid centralization risks.

However, Blast has not yet announced whether wallet management can avoid centralization and phishing attacks, and whether there is a complete management process. In the two previous security incidents of Ronin Bridge and Multichain, although the project parties used multi-signature wallets or MPC wallets, the centralization of private key management resulted in user asset losses.

On February 19, the Blast team made an update to the Deposit contract. This update mainly adds the Predeploys contract and introduces the IERC20Permit interface to prepare for the mainnet launch.

Blast Ecosystem Risk

On February 25, the Beosin KYT anti-money laundering analysis platform detected a suspected rug pull at Risk (@riskonblast), a GambleFi project in the Blast ecosystem, resulting in a loss of approximately 500 ETH. At present, its official X account does not exist.

Investors such as MoonCat2878 also shared their personal losses. MoonCat2878 recounts how they initially viewed RiskOnBlast as a promising investment opportunity after seeing reputable projects and partners from within the Blast ecosystem. However, the subsequent public sale turned into an uncapped financing round, which aroused their doubts about Risk as a GameFi project.

Beosin Trace monitoring shows that most of the stolen funds from Risk, the Blast ecosystem game project, have currently been transferred to different exchanges, and a small part of the stolen funds has been bridged to Arbitrum and Cosmos.

Statement
This article is reproduced from PANews. If there is any infringement, please contact admin@php.cn to have it deleted.