Blast’s multi-signature security issues have been criticized. Why is it so difficult to decentralize L2 technology?

This article is approximately 1110 words,and reading the entire article takes about 2 minutes
Regardless of technical consensus or social consensus, it is ultimately a force that restrains evildoers.

Original author: Haotian (X: @tmel0211)

Editors note: Previously, Polygon Labs developer relations engineer Jarrod Wattsexpress, the Blast contract is an upgradeable contract controlled by 3/5 multi-signatures. The 5 addresses are all anonymous new addresses. It is possible for Blast to perform code upgrades through multi-signatures and steal funds immediately. Blast on XrespondAccording to the report, security is multi-faceted and involves smart contracts, browsers and physical security dimensions. Immutable smart contracts are generally considered more secure, but may pose greater risks, and it stated that the hardware wallet type for 1 multi-signature address will be replaced within a week to enhance security. The security risks of Blasts multi-signatures are still criticized, and there is even a joke in the community that all five multi-signatures belong to Tieshun. Leaving aside Blast’s multi-signature security issues, why is it so difficult to decentralize Layer 2 technology? Crypto analyst Haotian published an article discussing the decentralization status and problems of each L2 core technology component from the perspective of the Layer 2 industry. Odaily summarized it as follows:

Blast’s multi-signature security issues have been criticized. Why is it so difficult to decentralize L2 technology?

Blasts multi-sign security risks are still being criticized. Even the joke that all five multi-signs belong to Tieshun went viral, but it did not affect the continued rise of @Blast_L2 TVL.Rational cognition drives everyone to criticize Blast, but the profit-seeking instinct cannot refuse to embrace Blast.

Next, leaving aside the specific multi-signature security issues of Blast, from the perspective of the layer 2 industry, let’s discuss why it is so difficult to decentralize layer 2 technology?

First, clarify the so-called decentralization of the technical components of layer 2, including: Sequencer, Prover, Validator, main network Rollup Contract and other key components distributed in the main network and layer 2. Among them, ZK-Rollup has more Prover systems than OP-Rollup. , basically everyone focuses on the operation of Sequencer. In addition, some differences are the degree to which the implementation of Data Avaliablity relies on the Ethereum main network, and the degree of equivalence of the EVM main network.

The current decentralization status of each layer 2 core technology component:

  • Arbitrum said that it is still in the exploratory stage to cooperate with Espresso Systerm to explore the possibility of decentralized Sequencer;

  • Starknet’s Prover system achieves permissionless decentralization, and Sequencer has no clear decentralization message yet;

  • Optimism has rationalized the centralization of Sequencer and launched the OP Stack strategy, trying to use a new shared Sequencer security governance committee to decentralize centralized authority, and use curved social consensus to make up for the shortcomings of technical consensus;

  • zkSync has not had any signs of open source and decentralization of its core components for a long time, and has launched the ZK Stack multi-application chain strategy. According to the official statement, zkSyncs retreat into a model application chain under the Stack strategy is also an attempt to escape the powerlessness of decentralized technology. .

It is not difficult to see that the four kings of layer 2 each have their own considerations on the decentralization of core technical components, and some are still telling stories about technical decentralization.Some have tried to use the Stack strategy to make up for the shortcomings of pure technology decentralization.In short, pure technical decentralization of layer 2 is difficult. Why?

1) Layer 2’s Sequencer generally uses a centralized EOA address, which can save mainnet interaction costs.Both Optimism and zkSync use EOA addresses, which are directly and simply controlled by private keys. They are more flexible to operate. Compared with the complex logic and functions of smart contracts, the EOA structure has a smaller attack surface.

The most critical thing is that these EOA addresses can reduce costs when interacting with mainnet contracts. However, the most effective way to manage private keys is through strong centralized management. Decentralized management of private keys will increase the attack surface of the system.

2) Sequencer is responsible for pumping revenue to layer 2.Usually the handling fee charged by Sequencer minus the cost of batch transactions to the main network and other expenses are the gross income of layer 2.

This makes the controller of Sequencer easily unwilling to decentralize its rights. Once it is too decentralized, new problems will inevitably arise in the charging of the core incentive mechanism, such as benefit distribution.

3) The process of Prover system generating and verifying Proof has a high technical threshold.There is little innovation in ZK-Rollup ecological projects now. A large part of the reason is that there is a large threshold for data structure adaptation and ZK circuit. This is especially true for decentralized Validators. Once the Validators nodes are too decentralized, it will be difficult to process and verify the Proof. There will also be stability issues in the process;

4) There are few actual battle-tested challenges in OP-Rollup. It is precisely because the centralized Sequencer will make layer 2 naturally tend to be optimistic and have zero challenges.The somewhat overly centralized Sequencer seems to be a weakness, but it actually becomes another security mechanism.

5) If a security failure occurs in layer 2, Sequencer can forcibly freeze and control the outflow of assets. At worst, a low-cost hard fork can be performed on the second layer, but what if Sequencer is attacked?A large amount of funds are withdrawn to the main network. The implementation of upgradable multi-signature management in the main network Rollup contract is another layer of double insurance.Because layer 2 cannot expect a mainnet-level hard fork to occur.

To put it bluntly,The main network implements multi-signature governance just to insure the layer 2 sequencer from being attacked. It is meaningless to discuss who is on the multi-signature list and whether it has prestige.


The reason why we rarely hear about layer 2 being too centralized is mainly due to the high overall technical threshold of layer 2, the past reputation of the founding team, the endorsement of investment institutions, and the built-in special security mechanism (challenge mechanism, DA ), etc., all make operating layer 2 a long-term sustainable business, especially the end game of layer 2 is to sit back and watch the ecosystem rise one by one and then continue to extract revenue.

If a layer 2 project does not mention ecology or technology, but only talks about airdrop expectations in the name of everyone is the same, in addition to Rug risks, we should first ask whether it is layer 2?

The current development of layer 2 technology decentralization is not ideal. Maybe fundamentalist decentralization does not exist in the layer 2 field? From this point of view, the illusory multi-chain shared component strategy of Stack strategy will be the only solution to eliminate the excessive centralization power of layer 2 in the longer term.

Fundamentally, regardless of technical consensus or social consensus, it is a force that restrains evildoers.

This article is from a submission and does not represent the Daily position. If reprinted, please indicate the source.

ODAILY reminds readers to establish correct monetary and investment concepts, rationally view blockchain, and effectively improve risk awareness; We can actively report and report any illegal or criminal clues discovered to relevant departments.

Recommended Reading
Editor’s Picks