Is It Really Safe To Deposit Funds in Blast?

If you are really into decentralized finance (DeFi) currently, you must have heard of Blast, the new layer 2 network. Blast has gained significant attention from the crypto community over the past couple of days after its announcement on November 20.

The yield-focused L2 is developed by Pacman, the same person behind the NFT marketplace Blur, while it is backed by several prominent DeFi players and a leading VC firm Paradigm. While having such a strong foundation, Blast reached a TVL of over $230 million within two days, but wait.. it has no mainnet yet so where users’ funds are going really? And its bridge is currently only facilitating deposits while withdrawals will be enabled in February 2024 after mainnet launch, so why are users bridging and risking funds now? Should you transfer funds as well?? Well! Let’s get into this “Brief on Blast” and find out.

The newly launched Blast claims to be the first yield-focused layer 2 network which natively stake ETH on Ethereum mainnet and incentivise users with staking rewards up to 4% along with additional rewards. Additionally, Blast also offers yields on DAI stablecoin. It has attracted a TVL of $365 million at the time of writing which includes over 152,740 ETH and nearly 50 million DAI, as per data from DeBank. The most of ETH deposits of the Blast bridge is currently liquid staked on Lido and similarly most of DAI are deposited to Maker’s DSR (DAI Savings Rate) vault. So basically all the funds seem not idle just as any other blockchain bridges. 

The TVL of over $365 million is not a new thing in DeFi but achieving it within time shorter than even a week surely raises questions. So why are people going crazy for Blast? 

Why are users bridging funds to Blast?

Blast Points (Airdrop)

One of the main factor behind bridging funds to Blast is early access rewards. Just like every other blockchains, Blast is attracting users with the evergreen airdrop method for acquiring users at the initial phase. Users who bridge funds will be rewarded with Blast Points which they will be able to redeem in May 2024.

While many blockchains such as Arbitrum have successfully distributed millions of worth of tokens with a similar method, users do not want to miss a chance to claim “life-changing” airdrop reward. 

Yields

As Blast is meant to work on yield-generative mechanism, the funds in ETH transferred to its bridge are directly staked on Lido, a liquid staking protocol, with an APY of 3-4%. But why are users not staking directly on Lido as it offers the same yield range? There once again comes Blast Points which are rewarded alongside staking yields. 

Blast’s announcement post claimed that it is redesigned from the ground up “so that if you have 1 ETH in your wallet on Blast, over time it grows to 1.04, 1.08, 1.12 ETH automatically.” This could also be the reason behind large chunks of ETH being bridged to the (to-be) newborn layer 2 network. 

Blast will also offer 5% yields on stablecoins that users have deposited, which it will invest in T-bill protocol like MakerDAO.

While two of the main factors stated above remain significant to drive funds, users are also encouraged on the fact that Blast is backed by prominent venture capitalist firm Paradigm and Standard Crypto alongside several DeFi personalities Andrew Kang of PleasrDAO, Hasu from Flashboats, The Block CEO Larry Cermak, popular crypto trader Hsaka, the eGirl Capital trio of CL, Loomdart, Degen Spartan and a dozen of other degen profiles. 

Now if you are thinking about depositing funds to DeFi’s new favorite layer 2 network, read below stated cautions first.

Things To Note Before Depositing To Blast

3/5 Multisig

The developer who built Blast has transferred its contract ownership to a Safe contract via Gnosis Safe which has 5 signers. So the Blast contract requires a majority of 3/5  signers to execute a transaction. While 3/5  signers seem safe, the concern is raised whereas all of these 5 addresses having signer keys for Blast contract are a fresh address and totally unknown!

Proxy Contract

Blast Deposit contract consists of two contracts, of which one is a proxy and another an implementation. Proxy contracts are upgradable smart contracts which can also change a logic within. 

In addition, Blast proxy implements OpenZeppelin’s UUPSUpgradeable contract that includes a function “_upgradeTo” which essentially allows to change the logic in implementation contract as well. This could be worse if the developer decides to do something malicious with all the funds, they certainly could 

A Hidden (Prone To Exploit) Function

Blast contract has a function “enableTransition” which calls for “mainnetBridge” contract as an argument. Here is where the stone turns as “mainnetBridge” contract has access to all staked ETH and DAI.

As Blast contract allows “mainnetBridge” contract to access and spend whole amount it needs a restriction right? It certainly has an argument restriction but it only checks if the interacting address has a code or not. So if the address is anything but just an EOA address, it gets access to the funds. 

A potential exploit for this scenario might occur easily if the developer create a simple smart contract and call “mainnetBridge”, it can receive all staked ETH and DAI in the amount of over $200 million. 

Minding all this, it is now up to you to trust Blast’s developer team and its surrounding with your funds.

Kindly note that above cited statements are just potential risks that are identified. None of this includes any financial advice or criticism towards any entity.