Blast: Hardware wallet type for 1 multi-signature address will be changed within a week to enhance security
2023-11-25 00:59
Odaily News: In response to the discussion of multi-signature security issues, Blast, the new L2 network launched by Blur founder Pacman, posted on the X platform that security is multi-faceted and spans smart contract, browser and physical security dimensions. Immutable smart contracts are generally considered more secure, but they may carry greater risks, especially in complex protocols. For upgradable smart contracts, the specific upgrade mechanism is very important. Upgradable smart contracts with timelocks may have vulnerabilities. In many cases, the only way to prevent a vulnerability from being exploited is to perform on-chain operations before malicious actors do. In these cases, timelocks make smart contracts less secure. That's why every L2 has a direct upgrade path. Additionally, Blast highlighted the effectiveness of multi-signature security, which is also used by other L2 projects such as Arbitrum, Optimism and Polygon. Blast noted that each signing key in a multi-signature setup is independently secure, stored in a cold wallet, managed by an independent party, and geographically dispersed, an approach designed to strengthen the protocol's ability to withstand various security threats. Blast plans to update one of its multi-signature addresses within a week, switching it to another hardware wallet provider for enhanced security. The move is intended to prevent reliance on a single type of hardware wallet, thereby reducing the risk of compromise due to specific hardware vulnerabilities.

According to previous news, Polygon Labs developer relations engineer Jarrod Watts said that the Blast contract is an upgradeable contract controlled by a 3/5 multi-signature. The 5 addresses are all anonymous new addresses. Blast could perform a code upgrade through the multi-signature and immediately steal funds. While many other Layer 2 solutions, including Arbitrum, currently have the same capability, Blast is (currently) not a Layer 2 but just a smart contract that accepts user funds and puts them into protocols such as Lido. There is no testnet, no transactions, no bridges, no rollups, and no transaction data sent to Ethereum. If the 3/5 multisig that controls the contract does not do the right thing in the future, users will not be able to withdraw the money deposited into the Blast contract at any time.

In this regard, SlowMist founder Yu Xian said that Blast's contract is indeed an upgradeable contract, as Jarrod Watts said. The control rights belong to a 3/5 multi-signature (I don't know who the five people are) and there is no time lock. To run away with the funds, the signers would have to either multi-sign an upgrade to a malicious logic contract, or call enableTransition and set a malicious mainnetBridge. Currently, apart from the contracts deployed on Ethereum, Blast is the fission-style gameplay of a centralized Web2 project, but it is endorsed by several well-known institutions, and users still trust projects endorsed by institutions.
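The vendor-diversity argument above can be checked mechanically for any k-of-n multisig. The following is an added example, not code from Blast or from the article; the vendor names and the three key layouts are constructed assumptions, since the article does not say which hardware wallet each signer uses.

```python
from collections import Counter

def vendors_needed(signer_vendors, threshold):
    """Fewest vendor-wide flaws that expose >= threshold keys (None if unreachable)."""
    exposed = 0
    # Worst case for the defender: the flaws hit the vendors holding the most keys.
    for n, count in enumerate(sorted(Counter(signer_vendors).values(), reverse=True), 1):
        exposed += count
        if exposed >= threshold:
            return n
    return None

def single_vendor_risks(signer_vendors, threshold):
    """Vendors whose keys alone are enough to meet the signing threshold."""
    return sorted(v for v, c in Counter(signer_vendors).items() if c >= threshold)

def audit(signer_vendors, threshold):
    """Summarise how exposed a key layout is to hardware-specific vulnerabilities."""
    risky = single_vendor_risks(signer_vendors, threshold)
    return {
        "vendors_needed": vendors_needed(signer_vendors, threshold),
        "single_vendor_risks": risky,
        # A layout passes when no single vendor holds `threshold` or more keys,
        # i.e. every vendor holds at most threshold - 1 keys.
        "passes": not risky,
    }

THRESHOLD = 3  # the 3/5 multisig described in the article

# Constructed layouts (assumptions, not Blast's actual signer hardware).
ALL_ONE_VENDOR = ["vendor_a"] * 5                      # reliance on a single type
ONE_KEY_MOVED = ["vendor_a"] * 4 + ["vendor_b"]        # one key switched to another vendor
SPREAD = ["vendor_a", "vendor_a", "vendor_b", "vendor_b", "vendor_c"]

if __name__ == "__main__":
    for name, layout in [("all one vendor", ALL_ONE_VENDOR),
                         ("one key moved", ONE_KEY_MOVED),
                         ("spread", SPREAD)]:
        print(f"{name:15s} {audit(layout, THRESHOLD)}")
```

Under these assumed layouts, a 3-of-5 setup tolerates a single vendor-wide flaw only when no vendor holds more than two of the five keys.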
