Blast Blockchain is an optimistic roll-up solution for Ethereum designed to increase the blockchain's scalability and efficiency. The team behind the Blur NFT marketplace launched it in November 2023, and it has been gaining traction ever since.

“There are often misunderstandings when it comes to security. Security exists on a spectrum (nothing is 100% secure) and is nuanced by many dimensions. There's smart contract security, browser security, and physical security. Each dimension has separate attack vectors, such as” Blast Network.

Decentralization Stage

Currently, Blast is at Stage 0 of decentralization. That means it is still not at the 75% threshold on the council to override the proof system, and less than 26% of the council are team members.

Multisig Safety

Blast has disputable Multisig security that also allows its core smart contracts to be upgraded via a Safe (formerly Gnosis Safe) Multisignature wallet account. This account requires 3 out of 5 signatures to authorize any transactions, leaving a major gap in the whole infrastructure.

If a malicious entity manages to get hold of three of the five signatures, it could drain the blockchain's locked assets or sabotage it in other ways. Blast has been scrutinized for this issue and replied to X, stating that their model is industry standard among L2s and nothing is 100% secure.

On November 24, 2023, Blast explained on X that they chose to have an upgradeable contract over an immutable one since, in complex situations, the immutable one can be less secure. They added that bugs could be in immutable contracts, making the entire infrastructure sterile.

“You can get infinite audits for an immutable smart contract, but you can never be 100% confident that a smart contract is bug-free. If there are bugs in an immutable contract, you are dead in the water. When it comes to upgradeable smart contracts, the specific upgrade mechanism is important. It can seem that making upgrades token-gated with a timelock would be "more secure." However, that opens the door to the token supply getting cornered by malicious actors.”

Blast added that L2s must have access to changing the smart contracts early before malicious actors take advantage of any vulnerabilities and that all signing keys typically need to be stored safely in cold storage.

“This is why every L2 has a direct path to upgrades. Multisigs are used by L2s like Arbitrum, Optimism, and Polygon because they are highly effective, if done right. So how do you use a multisig properly? You want to make sure that each signing key of a multisig is independently secure. This helps make the multisig antifragile. Each key should be in cold storage, managed by an independent party, and geographically separated.”

According to crypto investigator Truth Labs, Blast, all five of the Multisig SIgnee wallets were set up and originally funded by the same Dev wallet. One person could already have control over enough wallets to sabotage this blockchain.

Blast closed by arguing that even other L2s are using Multisigs, a move that Vitalik Buterin has now called for closer consideration in rechecking.

“Multisigs can be highly effective if used properly. This is why L2s like Arbitrum, Optimism, Polygon, and now Blast use a multisig model,” Blast said.

Blast remains one of the many L2s at Step 0 of decentralization. It is too soon to tell whether we will see them move to Step 1.