Cybersecurity experts warn that if yield-generating pools or protocols on Lido or MakerDAO are compromised, Blast users’ associated tokens in those pools “will be compromised as well.”
Cybersecurity experts at web3 firm Resonance Security are raising concerns related to the security implications of Blast‘s reliance on third-party decentralized finance protocols.
In a Thursday blog post, Grace Dees, a cybersecurity business analyst at Resonance Security, warned that Blast’s dependence on external protocols for generating yield brings inherent risks, noting that MakerDAO, which generates 5% yield for USDB (Blast’s stablecoin) holders, “has not published a security audit of their smart contracts in three years.”
“If yield-generating pools or protocols on Lido or MakerDAO are compromised, the associated tokens of Blast users in those pools will be compromised as well,” Dees warned. The analyst noted, that even though relying on third-party integrations “is not a bad thing,” she pointed out that some of MakerDAO’s most recent public audits “even go back five years.”
“This raised concern to me because smart contracts can be susceptible to newly discovered vulnerabilities and should be audited periodically to protect against those new discoveries,” Dees said.
You might also like: BLAST token jumps 20% as fake airdrop scams flood X
Concerns about Blast’s security extend beyond third-party dependencies. Dees outlined issues with Blast’s LaunchBridge contract, describing it as a “custodial contract protected by a 3/5 multisig address,” rather than a rollup bridge.
Experts stress the importance of robust security measures, including regular audits and bug bounty programs. Although MakerDAO hasn’t published a recent security audit, its bug bounty program via ImmuneFi helps “cover the security gaps in their contracts,” Dees acknowledged.
To mitigate third-party risks, Resonance Security recommends that Blast prioritize close collaboration with their partners to develop and uphold “stringent security standards” that can save projects many headaches in the long run.
Read more: Blockchain fraud group strikes again, launches fresh scheme on Blast network