According to Foresight News, Jarrod Watts, a developer relations engineer at Polygon Labs, has expressed concerns about the Blast contract. He stated that the contract is a 3/5 multisig-controlled upgradable contract, with all five addresses being anonymous new addresses. Blast could potentially execute code upgrades through multisignature and immediately steal funds. Although many other Layer 2 solutions, including Arbitrum, have similar features, Blast is not a Layer 2 solution but merely a smart contract that accepts users' funds and invests them in protocols like Lido.

Watts pointed out that there is no testnet, no transactions, no bridges, no rollups, and no transaction data sent to Ethereum. If the 3/5 multisig controlling the contract does not 'do the right thing' in the future, users will not be able to withdraw their money stored in the Blast contract at any time.

In response to these concerns, SlowMist founder Yu Xiang confirmed that the Blast contract is indeed an upgradable contract, as Watts described, with control belonging to a 3/5 multisig without a time lock. He added that if the contract were to be abused, either the multisig could upgrade it to a malicious logic contract or an evil mainnetBridge could be set up via enableTransition. Blast currently operates as a centralized Web2 project, with the exception of its Ethereum-based contract, and has endorsements from several well-known institutions.
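The two paths named above (a logic upgrade and enableTransition) can be watched for on-chain. The following is an added example, not code from Blast, SlowMist or the original report: it scores each privileged call by how much public notice preceded it. The decoded-record layout, the placeholder addresses, the upgradeTo/upgradeToAndCall entry points and the timelock's schedule step are assumptions made for illustration.

```python
# Added example: every address, timestamp and record below is constructed.
# upgradeTo/upgradeToAndCall are assumed OpenZeppelin-style upgrade entry points.
PRIVILEGED = {"upgradeTo", "upgradeToAndCall", "enableTransition"}
DEPOSIT, MULTISIG, TIMELOCK = "0xDEPOSIT", "0xMULTISIG", "0xTIMELOCK"  # placeholders

def review(records, watched, timelock=None, min_notice=86400):
    """Return one finding per privileged call that reached `watched`."""
    queued, findings = {}, []
    for r in sorted(records, key=lambda rec: rec["time"]):
        # A timelock publishes the pending operation on-chain before it can run.
        if timelock and r["to"] == timelock and r["method"] == "schedule":
            queued.setdefault((r["target"], r["call"], r["arg"]), r["time"])
            continue
        if r["to"] != watched or r["method"] not in PRIVILEGED:
            continue
        # Notice counts only when the call arrives through the timelock and
        # matches an operation that was queued earlier.
        queued_at = queued.get((r["to"], r["method"], r["arg"]))
        via_timelock = timelock is not None and r["from"] == timelock
        notice = r["time"] - queued_at if via_timelock and queued_at is not None else 0
        findings.append({"method": r["method"], "arg": r["arg"], "notice": notice,
                         "verdict": "ok" if notice >= min_notice else "NO_EXIT_WINDOW"})
    return findings

# Owner is the multisig itself: the change lands in one transaction, no queue step.
DIRECT = [
    {"time": 1000, "from": MULTISIG, "to": DEPOSIT,
     "method": "upgradeTo", "arg": "0xNEW_LOGIC"},
    {"time": 1012, "from": MULTISIG, "to": DEPOSIT,
     "method": "enableTransition", "arg": "0xNEW_BRIDGE"},
]
# Owner is a timelock: the multisig must queue the call and wait out the delay.
DELAYED = [
    {"time": 1000, "from": MULTISIG, "to": TIMELOCK, "method": "schedule",
     "target": DEPOSIT, "call": "upgradeTo", "arg": "0xNEW_LOGIC"},
    {"time": 1000 + 172800, "from": TIMELOCK, "to": DEPOSIT,
     "method": "upgradeTo", "arg": "0xNEW_LOGIC"},
]

if __name__ == "__main__":
    for name, recs, tl in (("direct", DIRECT, None), ("timelocked", DELAYED, TIMELOCK)):
        for finding in review(recs, DEPOSIT, timelock=tl):
            print(name, finding)
```

With no time lock, every privileged call scores zero notice, so an alert can only fire after the change is already live.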