search
Homeweb3.0The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

php editor Xinyi recently discovered that the Blast mainnet is about to be launched, which has attracted widespread attention. However, the security risks that come with it have also attracted much attention, and it is necessary for us to conduct an in-depth analysis of its technical aspects. At the same time, potential opportunities cannot be ignored. Let us explore the challenges and opportunities in this emerging field.

Recently, Blast has once again become a hot topic in the market. With the end of its "Big Bang" developer competition, its TVL has continued to soar, exceeding 2 billion US dollars in one fell swoop, occupying the top spot on the Layer 2 track. Have a place.

At the same time, Blast also announced that it will launch its mainnet on February 29, causing the public to continue to pay attention to it. After all, the "anticipation of airdrop" has successfully attracted most participants to watch. However, with the development of its ecology, various projects emerge one after another, which also leads to the frequent occurrence of various security risks. Today Beosin will explain to you the security risks and potential opportunities behind Blast’s strong start and the surge in TVL.

The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

Blast development history

Blast is a new project launched by Blur founder Pacman on November 21, 2023, which quickly attracted attention in the encryption community. extensive attention. In just 48 hours of launch, the network has reached a total value locked (TVL) of $570 million and attracted over 50,000 users.

Blast received US$20 million in financing from major backers such as Paradigm and Standard Crypto last year, followed by another US$5 million investment from Japanese cryptocurrency investment company CGV in November last year.

According to DeBank data, as of February 25, the total value of assets in the Blast contract address has exceeded US$2 billion, of which approximately US$1.8 billion of ETH is deposited in the Lido protocol, and more than US$160 million of ETH is deposited in the Lido protocol. DAI is deposited into the MakerDAO protocol. This shows that Blast is extremely active in the market.

The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

DeBank数据

Blast is unique in providing native yields on ETH and stablecoins, a feature not found in other Layer2 solutions. When users transfer ETH to other Layer2, these Layer2 will only lock the ETH into the smart contract and map the corresponding Layer2 ETH; while Blast will deposit the user's ETH into Lido to earn interest, and introduce a new interest-bearing stable currency USDB (the stable currency The currency will be used to purchase U.S. Treasury bonds through MakerDAO (the proceeds will be earned) to the Blast network.

Layer2 launched by the Blur team has unique traffic advantages. Blur has previously issued over $200 million in airdrops to users of its platform, so it has a large community base. At the same time, Blast is attracting users to participate in staking through airdrop rewards and using traffic fission marketing strategies to attract more users to join Blast. This method of organically combining traffic and airdrop incentives helps attract more users to participate and provides a stable user base for the development of Blast.

Blast Security Risks

Blast has been criticized and questioned since its launch. On November 23, 2023, Jarrod Watts, a developer relations engineer at Polygon Labs, tweeted that Blast’s centralization may pose serious security risks to users. At the same time, he also questioned Blast’s classification as a layer 2 (L2) network because Blast does not meet the L2 standard and lacks functions such as transactions, bridging, rollup, or sending transaction data to Ethereum.

How safe is Blast? What security risks exist? This time we used the BeosinVaaS tool to scan the Blast Deposit contract and combined it with the analysis of Beosin security experts to interpret the Blast Deposit contract code.

The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective##

BeosinVaaS
The Blast Deposit contract is an upgradeable contract. Its proxy contract address is 0x5F6AE08B8AeB7078cf2F96AFb089D7c9f51DA47d. Its current logical contract address is 0x0bD88b59D580549285f0A207Db5F06bf24a8e561. The main risk is Click as follows:

1. Centralization risk

Blast Deposit The most important enableTransition function of the contract can only be called by the admin address of the contract. In addition, this function takes the mainnetBridge contract address as a parameter, and the mainnetBridge contract can access all pledged ETH and DAI.

function enableTransition(address mainnetBridge) external onlyOwner { if (isTransitionEnabled) { revert TransitionIsEnabled(); }

_pause(); _setMainnetBridge(mainnetBridge); isTransitionEnabled = true;

LIDO.approve(mainnetBridge, type(uint256).max); DAI.approve(mainnetBridge, type(uint256).max);}

code:https://etherscan.io/address/0x0bd88b59d580549285f0a207db5f06bf24a8e561# code#F1#L230

In addition, the Blast Deposit contract can be upgraded at any time through the upgradeTo function. This is mainly used to fix contract vulnerabilities, but there is also the possibility of doing evil. At present, Polygon zkEVM has done a relatively complete job in upgrading the contract. Modifying the contract in non-emergency situations generally requires a 10-day delay, and contract modifications need to be decided by the 13-member Agreement Council.

function upgradeTo(address newImplementation) public virtual onlyProxy { _authorizeUpgrade(newImplementation); _upgradeToAndCallUUPS(newImplementation, new bytes(0), false); }

code:https://etherscan.io/address/ 0x0bd88b59d580549285f0a207db5f06bf24a8e561#code#F2#L78

2. Multi-signature dispute

Looking at the Blast Deposit contract, we can see that the permissions of the contract are controlled by a Gnosis Safe 3/5 multi-signature wallet 0x67CA7Ca75b69711cfd48B44eC3F64 Controlled by E469BaF608C. These 5 signature addresses are:

0x49d495DE356259458120bfd7bCB463CFb6D6c6BA

0xb7c719eB2649c1F03bFab68b0AAa35AD538a7cC8

0x1f97306039530ADB4173C 5 All addresses are new addresses created 3 months ago, and their identities are unknown. Since the entire contract is actually an escrow contract protected by a multi-signature wallet and not a Rollup bridge, Blast has been questioned by many from the community and developers.

Blast acknowledged this set of security risks and said that while immutable smart contracts are considered secure, they may hide undetected vulnerabilities. Upgradeable smart contracts also bring their own risks, such as contract upgrades and easily exploitable time locks. In order to mitigate these risks, Blast will use a variety of hardware wallets for management to avoid centralization risks.

However, Blast has not yet announced whether wallet management can avoid centralization and phishing attacks, and whether there is a complete management process. In the two previous security incidents of Ronin Bridge and Multichain, although the project parties used multi-signature wallets or MPC wallets, the centralization of private key management resulted in user asset losses.

On February 19, the Blast team made an update to the Deposit contract. This update mainly adds the Predeploys contract and introduces the IERC20Permit interface to prepare for the mainnet launch.

Blast Ecological Risk

On February 25, the Beosin KYT anti-money laundering analysis platform detected a suspected RugRull in the Blast Ecological GambleFi project Risk (@riskonblast), resulting in a loss of approximately 500 ETH. At present, its official X account does not exist. Investors such as

MoonCat2878 also shared their personal losses. MoonCat2878 recounts how they initially viewed RiskOnBlast as a promising investment opportunity after seeing reputable projects and partners from within the Blast ecosystem. However, the subsequent public sale turned into an uncapped financing round, which aroused their doubts about Risk as a GameFi project.

The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

Beosin Trace monitoring shows that currently most of the stolen funds of the Blast ecological game Risk project have been transferred to different exchanges, and a small part of the stolen funds have crossed the chain to Arbitrum and Cosmos.

The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective

The above is the detailed content of The Blast mainnet is about to be launched, and its security risks and potential opportunities are analyzed from a technical perspective. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:PANews. If there is any infringement, please contact admin@php.cn delete
Gitcoin Labs, the primary software development unit of Ethereum public goods funding protocol Gitcoin is shutting downGitcoin Labs, the primary software development unit of Ethereum public goods funding protocol Gitcoin is shutting downApr 26, 2025 am 11:22 AM

The decision was made in part because a “path to profitability” was unrealistic, Gitcoin co-founder Kevin Owocki said in a statement.

RCO Finance (RCOF) Emerges as a Contender for the Next Top Crypto PickRCO Finance (RCOF) Emerges as a Contender for the Next Top Crypto PickApr 26, 2025 am 11:20 AM

The XRP price has stabilized at $2.13, with a 24-hour trading volume of $2.33 billion. However, its momentum has slowed, leaving investors seeking the next top crypto pick.

Bitcoin (BTC) Could Reach $1.5 Million per Coin by 2030, ARK Invest ProjectsBitcoin (BTC) Could Reach $1.5 Million per Coin by 2030, ARK Invest ProjectsApr 26, 2025 am 11:18 AM

Investor and CEO Cathie Wood's ARK Invest firm projects that Bitcoin could reach $1.5 million per coin by 2030

The Swiss National Bank has rejected holding bitcoin reserves, citing concerns over cryptocurrency market liquidity and volatility.The Swiss National Bank has rejected holding bitcoin reserves, citing concerns over cryptocurrency market liquidity and volatility.Apr 26, 2025 am 11:16 AM

"For cryptocurrencies, market liquidity, even if it may seem ok at times, is especially during crises naturally called into question"

As Trump Announces a 90-Day Delay for Tariffs on Cryptocurrency Imports, Speculators and Investors Begin to Outline Potential RisksAs Trump Announces a 90-Day Delay for Tariffs on Cryptocurrency Imports, Speculators and Investors Begin to Outline Potential RisksApr 26, 2025 am 11:14 AM

As the US President Donald Trump announced a 90-day delay for the tariffs on cryptocurrency imports, speculators and investors began to outline potential risks to the broader cryptocurrency market.

Spotting 'one small detail' on 50p coin from 2011 could earn you £2,000Spotting 'one small detail' on 50p coin from 2011 could earn you £2,000Apr 26, 2025 am 11:12 AM

This Olympics-themed coin is highly sought after by collectors if it features a specific design.

Brits are being urged to be on the lookout for a highly sought-after 50p coin that has the potential to be worth a staggering £2,000Brits are being urged to be on the lookout for a highly sought-after 50p coin that has the potential to be worth a staggering £2,000Apr 26, 2025 am 11:10 AM

This coin is highly prized by collectors if it features a specific design.

Spotting 'one small detail' on 50p coin from 2011 could earn you £2000Spotting 'one small detail' on 50p coin from 2011 could earn you £2000Apr 26, 2025 am 11:08 AM

This Olympics-themed coin is highly sought after by collectors if it features a specific design.

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Tools

WebStorm Mac version

WebStorm Mac version

Useful JavaScript development tools

mPDF

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),

EditPlus Chinese cracked version

EditPlus Chinese cracked version

Small size, syntax highlighting, does not support code prompt function

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!