According to Coincu, concerns have been raised regarding Blast multisig security, specifically surrounding time locks and the secure handling of multi-signature keys. In response, the project emphasized the potential reduction in security with the implementation of time locks. The complexity of contracts was highlighted, suggesting that intricate agreements might not offer the same level of Blast multisig security as their upgradable counterparts. Safeguarding each signature key in a multi-signature contract was underscored, recommending independent cold storage managed by separate entities and geographical separation.
The Blast deposit contract on Ethereum has witnessed a remarkable surge, with the value deposited soaring to $433 million within a few days. Blast, a separate smart contract positioned as a "bridge" for an optimistic rollup still in development, has garnered significant attention, amassing $381 million in Ether and $52 million in stablecoins since its launch on Monday.
Polygon engineer Jarrod Watts raised concerns about the identities of the five signer wallets associated with Blast's multi-signature contract, as they are unknown and all wallets are new addresses. Examining the contract's control structure reveals a Safe 5-key multisig requiring 3 keys for transaction execution. However, one key lacks transaction history, while the other four display initial ether deposits from the same Ethereum account, raising questions about their independence. It's crucial to note that Blast, currently not on L2 and lacking a testnet, transactions, bridges, rollbacks, and transaction data sent to Ethereum, primarily functions to accept user funds and stake them in protocols like Lido.
