The Security of Merlin Chain: How it Protects 3.5 Billion Funds

Reposted original title: Exploring the Security of Merlin Chain: How it Protect 3.5 Billion Funds

Merlin Chain is undoubtedly the hottest Bitcoin-native Layer2 network at the moment. The mainnet reached an astonishing TVL of $3.5 billion within 30 days of its launch, attracting over 200 projects to enter construction. After Merlin launched Layer2 mapped assets, multiple ecological projects successively released major updates, and hundreds of millions of dollars of liquidity poured in. The unprecedented popularity once caused congestion on the Bitcoin network. But if an ecosystem takes on billions of funds, in addition to bringing a prosperous ecosystem and liquidity, it also means being exposed to the dangerous dark forest of blockchain.

How Merlin Chain ensures the security of 3.5 billion funds is a question that all users need to be concerned about. This article will analyze the security system of Merlin Chain. As an emerging BTC L2, Merlin has considered security in every aspect of its architecture design, and has joined forces with many security teams such as Slow Mist, adding layers of plug-ins to jointly ensure fund security. Build a solid line of defence.

Layered architecture design ensures security and transparency at every level

Decentralized Oracle: Resisting single points of failure through decentralized power and data transparency

Merlin Chain uses a multi-token staking Oracle node system. The sequence node is responsible for collecting and batch-processing transactions, generating compressed transaction data, ZK state roots and proofs. This data is compiled by the Oracle Network Execution Circuit and uploaded into Taproot on the Bitcoin mainnet, making it publicly accessible to the entire network.

Diversified assets: Supports the staking of $BTC, $MERL and other mainstream BRC20 assets, improving flexibility and risk resistance.

Agent stake: Not only allows users to directly stake assets to become Oracle nodes, but also provides more flexible agent staking options, allowing users to entrust assets to existing and reputable Oracle nodes for management.

Real-time monitoring: Users can view their agent stake status and income in real time, as well as the performance records of agent nodes

Exit mechanism: Provide a flexible exit mechanism, users can withdraw their assets at any time to ensure the liquidity of funds.

By decentralizing power and data, Merlin Chain resists the risks of single points of failure and centralization.

Share DA layer security with Celestia

The data storage layer (DA) is similar to a database, where all original transactions of the execution layer are stored for subsequent verification and confirmation. For Layer2, the openness, transparency and on-chain storage of DA are extremely important. If the latest transaction data is refused to be uploaded to a trusted platform, data withholding attacks will lead to network scrapping and may prevent users from successfully withdrawing funds.

Merlin Chain uses Celestia as the data availability layer to ensure verifiable release of block data and enhance the transparency and credibility of the network.

· Celestia provides public data availability guarantees, allowing everyone to view and store the state of the Merlin Chain.

· Rollups and applications are responsible for storing historical data once it is published on Celestia and confirmed to be available.

· When receiving a new block, the node will verify the availability of the data to ensure that the data in the network is complete and consistent.

Towards a layer of verification, inheriting the security of Bitcoin

Merlin Chain proposed a solution based on Taproot’s aggregated zero-knowledge proof and Rollup data writing to the Bitcoin main network. All Layer2 data will be submitted to Bitcoin’s Layer1 for security verification. This means that any issues with Layer2, whether fraud or errors, will be discovered and blocked by the first layer. Its key components: Node, zkProver and Database work together to process and exchange data to confirm the validity of the entire transaction process, thereby ensuring the safe processing, verification and completion of data storage. This allows Merlin Chain to inherit the security of Bitcoin, provide L2 batch processing scalability, and ensure that data is anchored in Bitcoin and cannot be tampered with.

Asset Management: Institutional-level security through Cobo coordination mechanism

The assets currently in Merlin Chain are managed by Cobo’s MPC wallet solution, using hot and cold wallet isolation and other measures to ensure that all cross-chain/locked funds in Merlin Chain are non-custodial and safe.

Cobo is a well-known digital asset custody service provider. Its founder Discus Fish is well-known in the industry. Its MPC wallet solution leverages advanced MPC technology to implement a threshold signature scheme that ensures private key shards are generated, encrypted, and distributed among multiple parties in a secure environment. Participants co-sign transactions without exposing each other’s private key shards or forming complete private keys.

When users use Merlin Chain’s cross-chain/lock position, the Bitcoin Layer1 network funds transferred to the cross-chain bridge will enter the MPC custody address co-managed by Cobo and Merlin Chain for safekeeping. Any transaction must be executed jointly by both Cobo and Merlin Chain. Merlin Chain’s predefined security risk control strategy can only be signed and released, and any unilateral risk will not lead to the leakage of assets.

With Cobo’s private key encryption and sharding technology, Merlin Chain achieves institutional-level security and is not affected by a single point of failure of the private key, making assets immune to security attacks and human errors.

Cooperate with well-known security teams and third-party platforms to ensure security

Merlin Security Committee: Cooperate with multiple security companies to audit ecological projects

For public chains, the security of their ecological projects is a relatively uncontrollable but very important influencing factor. It is reported that one of the reasons why the Blast ecological project Munchables was hacked was that to save audit fees, an unknown security team was hired to issue an audit report.

To ensure the security of its ecological projects, Merlin Chain united with many security companies to establish Merlin Security Council, including the famous Slowmist, Blockchain Dark Forest Self-Rescue Manual published by the founder of “Cosine” in 2022, and BlockSec, Salus, Secure3, ScaleBit, Revoke.Cash and many well-known security teams. The committee is used to fund research, education and technology development, and encourages more white hats and dApps to join this decentralized organization to protect Merlin’s subsequent ecological development and construction, allowing users to participate safely in the Merlin Ecological Project.

On-chain monitoring through independent platforms such as mistTrack

Merlin Chain allows users to supervise its ecological security through a third-party independent platform jointly. In March this year, mistTrack, a security product owned by the SlowMist team, announced that it supports searching and tracking Merlin Chain. Users can query the on-chain data of Merlin and its ecological projects at any time through its platform, monitor suspicious addresses, and track down deliberate behaviour to ensure the security of Merlin’s funds, providing a safe and transparent on-chain experience.

Fund security is directly related to the life and death of the public chain. Merlin Chain, as an emerging and growing Layer 2, has invested absolute resources in security since the first day of its birth and has continued to increase its investment even after achieving ecological success. After all, the only way is to hold on. The most basic line of security can ensure the long-term sustainable prosperity of the ecosystem. It is reported that Merlin Chain plans to add Council Grants and Merlin Bug Bounty programs in the future to encourage any individual or team to find vulnerabilities and contribute to the ecological security of Merlin Chain.

Statement:

1. This article originally titled “详解Merlin Chain的安全性，如何为35亿资金保驾护航” is reproduced from [theblockbeats]. If you have any objection to the reprint, please contact the Gate Learn team, the team will handle it as soon as possible.

2. Disclaimer: The views and opinions expressed in this article represent only the author’s personal views and do not constitute any investment advice.

3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.