🎉 [Gate 30 Million Milestone] Share Your Gate Moment & Win Exclusive Gifts!
Gate has surpassed 30M users worldwide — not just a number, but a journey we've built together.
Remember the thrill of opening your first account, or the Gate merch that’s been part of your daily life?
📸 Join the #MyGateMoment# campaign!
Share your story on Gate Square, and embrace the next 30 million together!
✅ How to Participate:
1️⃣ Post a photo or video with Gate elements
2️⃣ Add #MyGateMoment# and share your story, wishes, or thoughts
3️⃣ Share your post on Twitter (X) — top 10 views will get extra rewards!
👉
Blast Mainnet is about to launch: In-depth analysis of the opportunities and risks behind the TVL breaking 2 billion.
The Blast Mainnet is about to go live, analyzing its security risks and potential opportunities.
Recently, Blast has once again become the market focus. With the conclusion of its "Big Bang" developer competition, its total locked value (TVL) continues to rise, breaking through the 2 billion dollar mark and occupying an important position in the Layer2 track.
Meanwhile, Blast announced that it will launch its Mainnet on February 29, attracting widespread attention. Although the "airdrop expectations" have drawn a large number of participants, the expansion of the ecosystem has also brought various projects and corresponding security risks. This article will delve into the strong start of Blast and explore the security risks and potential opportunities behind its soaring TVL.
Blast Development History
Blast was launched by Pacman on November 21, 2023, quickly attracting widespread attention in the crypto community. Within 48 hours of going live, the network TVL reached $570 million, attracting over 50,000 users.
Last year, Blast secured $20 million in funding from major investors like Paradigm and Standard Crypto. Subsequently, the Japanese cryptocurrency investment company CGV added an investment of $5 million.
As of February 25, data shows that the Blast contract address currently holds a total asset value of over $2 billion, including $1.8 billion in ETH deposited in the Lido protocol and over $160 million in DAI deposited in the MakerDAO protocol, highlighting its market popularity.
Reasons for the Blast
The uniqueness of Blast lies in its provision of native yield rates for ETH and stablecoins, a feature not found in other Layer 2 solutions. When users transfer ETH into Blast, it will deposit it into Lido for yield generation and introduce a new yield-generating stablecoin USDB (which gains returns by purchasing U.S. Treasury bonds through MakerDAO) into the network.
In addition, as a Layer 2 launched by the Blur team, Blast has built-in traffic advantages. Blur previously distributed over $200 million in airdrops to platform users, accumulating a broad community foundation. Blast is currently conducting airdrop incentives, attracting users to participate in staking through a traffic fission marketing strategy.
Blast Security Risks
Since its launch, Blast has faced criticism and skepticism. On November 23, 2023, Jarrod Watts, a developer relations engineer at Polygon Labs, pointed out that Blast's centralization could pose serious security risks to users. He also questioned Blast's claim to be a Layer 2 network, arguing that it does not meet L2 standards and lacks features such as transactions, bridging, Rollup, or sending transaction data to Ethereum.
Through the analysis of the Blast Deposit contract code, we have identified the following main risk points:
1. Centralization Risk
The key enableTransition function of the Blast Deposit contract can only be called by the contract admin address. This function takes the mainnetBridge contract address as a parameter, and the mainnetBridge contract can access all staked ETH and DAI.
In addition, the Blast Deposit contract can be upgraded at any time through the upgradeTo function. Although this is primarily used to fix contract vulnerabilities, there are also potential risks. In contrast, Polygon zkEVM has a more robust approach to contract upgrades, where modifications to the contract in non-emergency situations typically require a 10-day delay and must be decided by a protocol council consisting of 13 members.
2. Multi-signature dispute
The permissions for the Blast Deposit contract are controlled by a Gnosis Safe 3/5 multisig wallet. These 5 signing addresses were all created 3 months ago and their identities are unknown. Since the entire contract is essentially a custodial contract protected by the multisig wallet, rather than a Rollup bridge, Blast has faced scrutiny from the community and developers.
Blast acknowledged these security risks and stated that it will use multiple hardware wallets for management to mitigate centralized risks. However, Blast has not disclosed detailed information on whether wallet management can effectively avoid centralization and phishing attacks, as well as whether there are robust management processes in place.
On February 19th, the Blast team updated the Deposit contract, mainly adding the Predeploys contract and introducing the IERC20Permit interface to prepare for the Mainnet launch.
Blast Ecological Risks
On February 25, the monitoring platform detected that the GambleFi project Risk in the Blast ecosystem allegedly experienced a Rug Pull, resulting in a loss of approximately 500 ETH. The official social media account of the project is no longer available.
Multiple investors shared their personal loss experiences. Some investors indicated that they initially viewed RiskOnBlast as a promising investment opportunity, but the subsequent unlimited public financing raised doubts about the GameFi project.
Monitoring shows that most of the stolen funds from the Risk project have been transferred to different exchanges, and a small portion of the funds has been cross-chain transferred to Arbitrum and Cosmos.