Fund security is directly related to the life and death of the public chain
Detailed explanation of the security of Merlin Chain and how to protect 3.5 billion funds
Merlin Chain is undoubtedly the hottest Bitcoin-native Layer 2 network at the moment. The mainnet reached an astonishing TVL of 3.5 billion US dollars within 30 days of its launch, attracting more than 200 projects to build on it. After Merlin launched its Layer 2 mapped assets, many ecosystem projects released major updates in succession, hundreds of millions of US dollars of liquidity poured in, and the unprecedented popularity at one point caused congestion on the Bitcoin network. However, when an ecosystem holds billions in funds, it gains prosperity and liquidity but is also exposed to the dangerous dark forest of blockchain.
How Merlin Chain can ensure the security of 3.5 billion yuan is a question that all users need to be concerned about. This article will analyze the security system of Merlin Chain. As an emerging BTC L2, Merlin has taken security into consideration in every aspect of its architecture design, and has cooperated with multiple security teams such as SlowMist, and added layers of plug-ins to jointly build a solid defense line for fund security.
The architectural design is layered to ensure security and transparency
Decentralized Oracle: Resisting single point of failure through decentralized power and data transparency
Merlin Chain uses a multi-token staking Oracle node system, where sequencer nodes are responsible for collecting and batch processing transactions, generating compressed transaction data, ZK state roots, and proofs. These data are compiled by the Oracle network execution circuit and uploaded to the Taproot of the Bitcoin mainnet, making them publicly accessible to the entire network.
Diversified assets: Supports staking of $BTC, $MERL and other mainstream BRC20 assets to improve flexibility and risk resistance
Proxy staking: Not only does it allow users to directly stake their assets to become Oracle nodes, it also provides more flexible proxy staking options, allowing users to entrust their assets to existing, reputable Oracle nodes for management
Real-time monitoring: Users can view their proxy staking status and earnings, as well as the performance records of proxy nodes in real time
Exit mechanism: Provides a flexible exit mechanism so that users can withdraw their assets at any time to ensure the liquidity of funds
By decentralizing power and data, Merlin Chain is able to resist the risks posed by single points of failure and centralization.
Shared DA layer security with Celestia
The data availability (DA) layer is similar to a database, where all original transactions of the execution layer are stored for subsequent verification and confirmation. For Layer 2, the openness, transparency and on-chain storage of DA are extremely important. If the latest transaction data is not uploaded to a trusted platform, data withholding attacks can render the network unusable and may prevent users from withdrawing funds smoothly.
Merlin Chain uses Celestia as the data availability layer to ensure the verifiable publication of block data and enhance the transparency and credibility of the network.
Celestia provides public data availability guarantees, allowing everyone to view and store the state of the Merlin Chain
Once data is published and confirmed available on Celestia, Rollups and applications are responsible for storing their historical data
When a node receives a new block, it verifies the availability of the data to ensure that the data in the network is complete and consistent
Towards Layer 1 verification, inheriting the security of Bitcoin
Merlin Chain proposes a solution based on Taproot in which aggregated zero-knowledge proofs and Rollup data are written to the Bitcoin mainnet. All Layer 2 data will be submitted to Bitcoin's Layer 1 for security verification. This means that any problems on Layer 2, whether fraud or errors, will be discovered and blocked by Layer 1. Its key components (Node, zkProver, and Database) work together to process and exchange data and confirm the validity of the entire transaction process, thereby ensuring that transactions are securely processed, verified, and stored. This allows Merlin Chain to inherit the security of Bitcoin, provide L2 batch processing scalability, and ensure that data is anchored in Bitcoin and cannot be tampered with.
Asset Management: Institutional-grade security through Cobo co-management
Currently, all assets in Merlin Chain are managed by Cobo's MPC wallet solution, which uses measures such as cold and hot wallet isolation to ensure that all cross-chain/locked funds in Merlin Chain are non-custodial and secure.
Cobo is a well-known digital asset custody service provider, and its founder Shenyu is well-known in the industry. Its MPC wallet solution uses MPC technology to implement a threshold signature scheme, ensuring that private key shards are generated, encrypted, and distributed among multiple parties in a secure environment. All parties jointly sign transactions without exposing their private key shards to each other or ever forming a complete private key.
When users use Merlin Chain's cross-chain/locking function, the Bitcoin Layer 1 funds transferred to the cross-chain bridge are kept in the MPC custody address jointly managed by Cobo and Merlin Chain. Any transaction requires Cobo and Merlin Chain to jointly execute Merlin Chain's predefined security risk control strategy before it is signed and released. A risk on one side alone will not lead to asset leakage.
With Cobo’s private key encryption and sharding technology, Merlin Chain achieves institutional-grade security without being affected by single point failure of private keys, making assets immune to security attacks and human errors.
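The joint-signing property described above, as an added example that is not Cobo's or Merlin Chain's code: a toy two-party Schnorr-style signature in which each party keeps its key shard local and releases a partial signature only if its own policy approves, so the full private key is never assembled. The group parameters, class and function names are assumptions made for illustration; this is an n-of-n sketch that omits the nonce-commitment and rogue-key protections production protocols need.

```python
import hashlib
import secrets

# Toy group, constructed for illustration only (not a secure parameter choice):
# Z_P* with the Mersenne prime P = 2^127 - 1; exponents are reduced mod P - 1.
P = 2**127 - 1
N = P - 1
G = 3

def challenge(R, X, msg):
    """Fiat-Shamir challenge e = H(R, X, msg) mod N."""
    data = f"{R}|{X}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

class Party:
    """One co-signer (hypothetical). Its key shard x_i never leaves this object."""
    def __init__(self):
        self._shard = secrets.randbelow(N - 1) + 1
        self.pub_share = pow(G, self._shard, P)      # X_i = G^x_i
        self._nonce = None

    def commit(self):
        """Round 1: draw a fresh nonce k_i and publish R_i = G^k_i."""
        self._nonce = secrets.randbelow(N - 1) + 1
        return pow(G, self._nonce, P)

    def partial_sign(self, e, approve):
        """Round 2: release s_i = k_i + e*x_i only if this party's policy approves."""
        k, self._nonce = self._nonce, None           # a nonce is single-use
        return (k + e * self._shard) % N if approve else None

def group_key(parties):
    X = 1
    for p in parties:
        X = X * p.pub_share % P                      # X = G^(x_1 + x_2 + ...)
    return X

def joint_sign(parties, msg, approvals):
    """Return (R, s), or None if any party withholds its partial signature."""
    R = 1
    for p in parties:
        R = R * p.commit() % P
    e = challenge(R, group_key(parties), msg)
    parts = [p.partial_sign(e, ok) for p, ok in zip(parties, approvals)]
    if any(s is None for s in parts):
        return None
    return R, sum(parts) % N

def verify(X, msg, sig):
    R, s = sig
    return pow(G, s, P) == R * pow(X, challenge(R, X, msg), P) % P
```

The verifier only ever sees the combined public key and one ordinary-looking signature; a refusal by either signer yields no signature at all.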
Jointly cooperate with well-known security teams and third-party platforms to provide protection
Merlin Security Committee: Jointly auditing ecological projects with multiple security companies
For public chains, the security of their ecosystem projects is a relatively uncontrollable but very important factor. It is reported that one of the reasons why the Blast ecosystem project Munchables was hacked was that, in order to save on audit fees, an unknown security team was hired to issue an audit report.
In order to ensure the security of its ecosystem projects, Merlin Chain has established the Merlin Security Council in cooperation with several security companies, including the well-known SlowMist, whose founder Yu Xian published the widely circulated "Blockchain Dark Forest Self-Help Manual" in 2022, as well as BlockSec, Salus, Secure3, ScaleBit, Revoke.Cash and other well-known security teams. The committee is used to fund research, education and technological development, and to encourage more white hats and dApps to join this decentralized organization to safeguard Merlin's subsequent ecosystem development, so that users can safely participate in Merlin ecosystem projects.
On-chain monitoring via independent platforms such as MistTrack
Merlin Chain lets users jointly supervise its ecosystem security through an independent third-party platform. In March this year, MistTrack, a security product of the SlowMist team, announced support for searching and tracking Merlin Chain. Through the platform, users can at any time query the on-chain data of Merlin and its ecosystem projects, monitor suspicious addresses, and track deliberate behavior, helping to ensure the safety of Merlin's funds and provide a safe and transparent on-chain experience.
Fund security is directly related to the survival of the public chain. As an emerging and growing Layer 2, Merlin Chain has devoted absolute resources to security since its birth, and has continued to increase its investment after achieving ecosystem success. After all, only by holding the most basic security line can the long-term sustainable prosperity of the ecosystem be guaranteed. It is reported that Merlin Chain plans to add Council Grants and Merlin Bug Bounty programs in the future to encourage any individual or team to find vulnerabilities and contribute to the ecosystem security of Merlin Chain.