From Blast to Layer 2 multi-signature backdoor: Which is more important, technology or social consensus?

Introduction: The subtext of Blast facing orthodox Layer 2 such as Polygon zkEVM may be, “Would princes, generals, and ministers rather have their own kind?” Since everyone is not trustworthy enough, and essentially rely on social consensus to ensure safety, why criticize Blast? The concentration of Layer 2 is not high enough, so why rush it?

It is true that Blast’s reliance on 3/5 multi-signatures to control recharge addresses has been widely criticized, but most Layer 2 also relies on multi-signatures to manage contracts. Previously, Optimism even used only one EOA address to control contract upgrade permissions. At a time when almost all mainstream Layer 2s have security risks such as multi-signing, criticizing Blast for not being safe enough is more like “looking down” on a gold mining project by technical elites.

But aside from the question of which is better between the two above, the significance of the existence of blockchain is more to solve the problem of information opacity in social consensus/democratic governance. When advocating the supremacy of technology, we must admit that social consensus itself is more important than technology. is important because it is the basis for ensuring the effective operation of all Web3 projects . In the final analysis, technology serves social consensus. A project that cannot be recognized by most people, no matter how superior the technology is, is essentially just a gorgeous appendix.

Text: Recently, the new project Blast launched by the founder of Blur has become popular all over the Internet. This “asset interest-earning” protocol under the banner of Layer 2 has set up a recharge address on the ETH chain. After users deposit funds into the Blast address, these funds will be It is used for native staking on the ETH network, placing it in MakerDAO to earn interest, etc. The profits will be returned to the users.

Relying on the founder’s aura and attractive gameplay, Blast received US$20 million in financing from investors led by Paradigm, and also attracted the participation of countless retail investors. In less than 5 days since its launch, Blast’s recharge address has attracted more than 400 million US dollars in TVL. It is no exaggeration to say that BLast is like a strong dose of medicine in the long bear market, instantly arousing people’s enthusiasm.

However, while Blast achieved initial success, it also attracted doubts from many experts. For example, L2BEAT and Polygon engineers both put it bluntly: The current Blast only deploys the Deposit contract to receive recharges on Ethereum. This contract can be upgraded under the control of 3/5 multi-signatures. In other words, the code logic of the contract may Being rewritten, if you want to rug, you can still rug. At the same time, Blast only claims to implement the Rollup structure, but now it is just an empty shell, and even the withdrawal function will not be launched until February next year.

Layer 2 multi-signature is a long-standing problem

In fact, multi-signing of Layer 2 contracts is a long-standing problem. As early as July this year, L2BEAT conducted a special survey on the upgradability of the Rollup contract. The so-called “upgradeability” means changing the logical contract address pointed by the agent contract to achieve the effect of changing the contract logic. If the changed new contract contains malicious logic, Layer2 officials can steal user assets.

(Source: wtf academy)

According to L2BEAT data, current mainstream rollups such as Arbitrum, Optimism, Loopring, ZKSync Lite, ZkSync Era, Starknet, Polygon ZKEVM, etc. all use multi-signature authorized upgradeable contracts, which can bypass time lock restrictions and upgrade immediately. (You can read Geek Web3’s previous articles: The Game of Credit: Rollups Controlled by Multi-Signatures and Committees )

What is surprising is that Optimism used to only use an EOA address to manage contract upgrades, and even multi-signatures were only added in October this year. As for Polygon zkEVM, which has criticized Blast , it can also conduct an “emergency takeover” of the Rollup contract under the 6/8 multi-signature authorization, transforming Layer 2 from contract governance to “naked human governance.” Interestingly, the Polygon engineer who criticized Blast above also mentioned this, but was vague.

So what is the significance of this “emergency mode”? Why do most Rollups leave themselves a panic button or backdoor? According to Vitalik’s previous statement, Rollup needs to frequently update the contracts deployed on ETH during the iteration process. Without the introduction of upgradeable means such as agency contracts, it will be difficult to iterate efficiently.

In addition, smart contracts that host a large amount of assets may have subtle bugs, and the Layer 2 development team is inevitably negligent. If certain vulnerabilities are exploited by hackers, a large number of assets may be stolen. Therefore, whether it is Layer 2 or DeFi protocols, an emergency button is often set up, and “committee members” intervene when necessary to prevent certain malignant events from happening.

Of course, the committee set up by Layer 2 can often bypass time lock restrictions and immediately upgrade the contract code. From a certain perspective, they seem to be more taboo than external factors such as hackers. In other words, in any case, smart contracts that host huge amounts of assets are difficult to avoid a certain degree of “trust assumption”, that is, it is assumed that the multi-signature controller behind the contract does not do evil. Unless the contract is designed to be non-upgradeable and there are no bugs that can threaten the security of user assets.

The actual situation is that the current mainstream Layer 2 either allows its own committee to immediately update the contract, or introduces relatively short time lock restrictions (for example, anyone who wants to upgrade the dYdX contract will have a delay of at least 48 hours). If it is discovered that the committee intends to incorporate malicious logic into the new version of the contract code to steal assets, users will theoretically have enough reaction time to urgently withdraw their assets from Layer 1.

(For information about forced withdrawal and escape cabin functions, you can read our previous article “ How important are forced withdrawal and escape cabin functions for Layer 2? “

(Time lock allows you to perform certain operations after a delay)

But the crux of the problem is that many Layer 2s don’t even have a forced withdrawal function that can bypass the Sequencer. If Layer 2 officials want to do something bad, they can first let the Sequencer reject everyone’s withdrawal requests, and then divide the user’s assets. Go to the L2 account controlled by Layer2 officials themselves. After that, the official will update the Rollup contract according to their own needs. After the time lock delay is over, all user assets can be transferred to the ETH chain.

Of course, the actual situation may be worse than what I said, because most Rollup officials can upgrade contracts without time lock restrictions, which means that rugs worth hundreds of millions of dollars can be completed almost instantly.

A truly trustless Layer 2 should make the contract upgrade delay greater than the forced withdrawal delay.

In fact, to solve the Layer 2 trustlessness/security problem, the following things need to be done:

Set up a censorship-resistant withdrawal exit on Layer1, and users can directly withdraw assets from Layer2 to the ETH chain without permission from the sequencer. The delay for forced withdrawal should not be too long, so as to ensure that user assets can be withdrawn from L2 quickly;

Anyone who wants to upgrade the Layer 2 contract must be subject to the time lock delay limit, and the contract upgrade should take effect later than the mandatory withdrawal. For example, the contract upgrade of dYdX now has a delay of at least 48 hours, so the delay for the forced withdrawal/escape hatch mode to take effect should be reduced to within 48 hours. In this way, after users discover that the dYdX project team wants to incorporate malicious code into the new version of the contract, they can withdraw their assets from Layer 2 to Layer 1 before the contract is updated.

Currently, the vast majority of rollups that have launched a forced withdrawal/escape cabin mechanism do not meet the above conditions. For example, dYdX’s forced withdrawal/escape hatch has a maximum delay of 7 days, but the dYdX committee’s contract upgrade delay is only 48 hours. In other words, the committee can complete the deployment of the new contract before the user’s forced withdrawal takes effect. Steal assets before the user escapes.

From this perspective, except for Fuel, ZKSpace, and Degate, other Rollups cannot guarantee that users’ forced withdrawals will be processed before the contract upgrade, and there is a high degree of trust assumption.

Although many projects using the Validium solution (DA is implemented outside the Ethereum chain) have long contract upgrade delays (such as 8 days or more), Validium often relies on the off-chain DAC nodes to publish the latest data, and DAC may launch Data withholding attacks disable the forced withdrawal function and therefore do not comply with the security model discussed above. (You can read our previous article “ Firing Validium? Re-understanding Layer 2 from the perspective of the Danksharding proposer “ )

At this point, we seem to be able to draw a concise and clear conclusion: Layer 2 solutions other than Fuel, ZKSpace and DeGate are not trustless. Users either trust the Layer 2 project party or the security committee set up by it not to do evil, trust the DAC nodes off the chain not to collude, or trust the sequencer not to review your transaction (reject your request). There are currently only the above three Layer 2s that truly meet the requirements of security, censorship resistance, and trustlessness.

Security is not only achieved by technology, but must also introduce social consensus

In fact, the topic we are talking about today is not new. The essence of Layer 2 pointed out in this article depends on the credibility of the project party, which has been pointed out by countless people. For example, the founders of Avalanche and Solana have fiercely criticized this, but the problem is that these trust assumptions that exist in Layer 2 also exist in Layer 1 and even in all blockchain projects.

For example, we need to assume that the Validator nodes that account for 2/3 of the pledge weight in the Solana network do not collude, and we need to assume that the top two mining pools that account for the majority of Bitcoin’s computing power do not join forces to launch a 51% attack to roll back the longest chain. While these assumptions are difficult to break, “hard” doesn’t mean “can’t.”

Once a traditional Layer 1 public chain commits an evil act that causes a large number of user assets to be damaged, it will often abandon the problematic chain and fork a new chain through social consensus (refer to the DAO incident in 2016 that led to the Ethereum Forked into ETH and ETC). If someone attempts a malicious fork, everyone must choose which “more reliable” fork to follow through social consensus. (For example, most people do not follow the ETHW project party)

Social consensus is the root of ensuring the orderly operation of blockchain projects and even the DeFi protocols they carry. Even error correction mechanisms such as contract code audits and community members disclosing problems with a project are also part of social consensus. However, decentralization achieved solely by technology often fails to play its greatest role and often remains at the theoretical level.

What really comes into play at critical moments is often social consensus that has nothing to do with technology, public opinion supervision that has nothing to do with academic papers, and mass recognition that has nothing to do with technical narratives.

We can imagine the following scenario: a POW public chain that only a few hundred people have heard of is temporarily in a highly decentralized state because there has not yet been a situation where one company is dominant. But if a mining company suddenly invests all its computing power into the POW chain, its computing power will be many times higher than that of all other miners. At this time, the decentralization of this POW chain will be instantly collapsed. . If the mining company intends to do evil, people can only correct the mistake through social consensus.

On the other hand, the so-called Layer 2, no matter how sophisticated its mechanism design is, cannot avoid the link of social consensus. Even L2s such as Fuel, DeGate and ZKSpace, which are almost impossible for officials to do evil, the Layer 1-Ethereum they rely on is also highly Relying on social consensus/community-public opinion supervision.

What’s more, we believe that the contract cannot be upgraded because we listened to the submissions of the contract audit agency and L2BEAT, but these agencies may be negligent or lie. Although this probability is extremely low, we have to admit that a small assumption of trust is still introduced.

However, the open-source data nature of the blockchain itself allows anyone, including hackers, to check whether the contract contains malicious logic. In fact, the trust assumption has been minimized, which greatly reduces the cost of social consensus. If this cost is reduced to a low enough level, we can default to “trustlessness”.

Of course, except for the three companies mentioned above, other Layer 2s have no so-called trust at all. What truly guarantees security at critical moments is still social consensus. The technical component is often just to facilitate people to carry out social consensus supervision. If a project’s technology is superior, but it is not widely recognized and cannot attract a large community group, then its decentralized governance and social consensus itself will be difficult to effectively develop.

Technology is indeed important, but more often than not, whether it can be widely recognized and whether it can develop a strong community culture are factors that are more important, more valuable, and more conducive to project development than technology.

We might as well take zkRollup as an example. Currently, many zkRollups only implement the validity certification system and DA data on-chain. It can externally prove that the user transactions it handles and all transfers made are valid and not forged by the sequencer. In “ There is no evil in this matter of “state transition”, but this is not the only scenario where Layer 2 officials or sequencers do evil.

We can approximate that the ZK proof system essentially only greatly reduces the cost of people’s supervision of Layer 2, but there are many things that cannot be solved by technology itself and must rely on the intervention of human governance or social consensus.

If L2 officials do not set up anti-censorship exits such as forced withdrawals, or if the officials try to upgrade the contract and incorporate logic that can steal user assets, community members will have to rely on social consensus and public opinion fermentation to correct errors. At this moment, whether technology is superior or not no longer seems to be the most important. Rather than saying that technology is important for security, it is more important to say that the mechanism design itself that facilitates

From Blast, which relies purely on social consensus for supervision, we should look at the relationship between social consensus and technical implementation more directly, instead of simply judging “which L2 is closer to the Layer 2 mentioned by Vitalik than the other L2” Determine the merits of a project. When a project has gained recognition and attention from millions of people, social consensus has been formed. It doesn’t matter whether it relies on marketing or technical narrative, because the result itself is more important than the process.

It is true that social consensus itself is an extension of democratic politics, and the real world has confirmed the shortcomings of democratic governance. However, the open source and data transparency of the blockchain itself have greatly reduced the cost of social consensus. Therefore, Web3’s There is an essential difference between “rule by man” and “rule by man” in actual sovereign states.

If we regard blockchain itself as a technical means to improve information transparency issues in democratic governance, rather than simply pursuing “Trustless achieved purely by code” that is never within reach, everything seems to become much more optimistic and clear. Only by getting rid of the arrogance and prejudice inherent in the technical elite and embracing a wider audience can the Ethereum Layer 2 system truly become a world-class financial infrastructure with mass adoption.

Disclaimer：

1. This article is reprinted from [微信公众号：极客 Web3]. All copyrights belong to the original author [Faust]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.