From Blast to Layer2 Multisig Backdoors: Which Matters More, Technology or Social Consensus?

Crypto News  Views: 37  2024-04-22 12:23:03  Comments: 0

Author: Faust, Geek Web3

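Lead: The subtext of Blast's response to orthodox Layer2s such as Polygon zkEVM may well be "Are kings and nobles born to their rank?" Since none of them is trustless enough and all of them ultimately rely on social consensus for security, why attack Blast for not being "Layer2 enough", and why be so eager to turn on one's own kind?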

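Admittedly, Blast has been widely criticized for controlling its deposit address with a 3/5 multisig, but most Layer2s also manage their contracts with a multisig, and Optimism previously used just a single EOA address to control contract upgrade authority. At a time when nearly every mainstream Layer2 carries security risks such as multisig control, attacking Blast as insufficiently secure looks more like technical elites "looking down on" a yield-farming project.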

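But setting aside which of the two is better, the purpose of blockchains lies more in solving the problem of information opacity in social consensus and democratic governance. While preaching the supremacy of technology, we must admit that social consensus itself matters more than technology, because it is the foundation that keeps every Web3 project running. In the end, technology serves social consensus; a project that most people do not accept is, however superior its technology, essentially just an ornate appendix.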

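Main text: Recently, Blast, a new project launched by the founder of Blur, has taken the internet by storm. This "asset yield" protocol, which flies the Layer2 banner, set up a deposit address on the ETH chain. After users deposit funds into the Blast address, the funds are used for native staking on the ETH network, placed into MakerDAO to earn interest, and so on, and the resulting profits are returned to users.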

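Thanks to the founder's own halo and an attractive mechanism, Blast raised 20 million USD from investors led by Paradigm and also drew in countless retail participants. Less than 5 days after launch, the TVL attracted by the Blast deposit address exceeded 400 million USD. It is no exaggeration to say that Blast is like a strong dose of medicine in a long bear market, instantly igniting people's frenzy.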

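But while Blast achieved this initial success, it also drew skepticism from many experts. For example, L2BEAT and Polygon engineers both put it bluntly: at present Blast has only deployed a Deposit contract on Ethereum to receive deposits, and this contract can be upgraded under the control of a 3/5 multisig. In other words, the contract's code logic can be rewritten, and a rug is still possible if they want one. Meanwhile, Blast merely claims that it will implement a Rollup structure; right now it is an empty shell, and even the withdrawal function will not go live until February of next year.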

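Blast, not to be outdone, pointed out that the vast majority of Rollups rely on a multisig to manage contract upgrade authority, so other Layer2s accusing "Blast of using a multisig" is just the pot calling the kettle black.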

Layer2 multisig is a long-standing problem

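In fact, multisig control of Layer2 contracts is a long-standing problem. As early as July of this year, L2BEAT ran a dedicated study of Rollup contract upgradeability. "Upgradeable" here means changing the logic contract address that a proxy contract points to, which changes the contract's logic. If the new contract contains malicious logic, the Layer2 team can steal user assets.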

(Image source: wtf academy)

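According to L2BEAT's data, mainstream Rollups including Arbitrum, Optimism, Loopring, ZKSync Lite, ZkSync Era, Starknet and Polygon ZKEVM all currently use multisig-authorized upgradeable contracts that can bypass the timelock and upgrade immediately.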

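Surprisingly, Optimism used to manage contract upgrades with just a single EOA address; even the multisig was only added in October of this year. As for Polygon zkEVM, which had attacked Blast, it too can perform an "emergency takeover" of the Rollup contract under 6/8 multisig authorization, turning the Layer2 from contract governance into "naked rule by people". Interestingly, the Polygon engineers who criticized Blast above also mentioned this point, but were vague about it.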

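So what is the point of this "emergency mode"? Why do most Rollups leave themselves an emergency button, or rather a backdoor? According to Vitalik's earlier remarks, a Rollup has to update its contracts deployed on ETH frequently as it iterates, and without upgradeable mechanisms such as proxy contracts it is hard to iterate efficiently.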

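In addition, smart contracts that custody large amounts of assets may contain bugs that are hard to notice, and Layer2 development teams will inevitably make oversights. If hackers exploit such vulnerabilities, large amounts of assets could be stolen. So Layer2s and DeFi protocols alike often set up an emergency button so that "committee members" can step in when necessary to prevent malicious incidents.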

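Of course, the committee a Layer2 sets up can often bypass the timelock and upgrade the contract code immediately; from a certain angle, it seems to be something to fear even more than external factors such as hackers. Put another way, a smart contract that custodies huge sums can hardly avoid some degree of "trust assumption", namely that the multisig controllers behind the contract will not act maliciously, unless the contract is designed to be non-upgradeable and has no bug that could threaten the safety of user assets.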

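In practice, today's mainstream Layer2s either allow their own committee to update contracts immediately, or impose a fairly short timelock (for example, anyone who wants to upgrade the dYdX contract faces a delay of at least 48 hours). If people discover that the committee intends to slip asset-stealing logic into the new contract code, users in theory have enough time to react and urgently withdraw their assets to Layer1.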

(A timelock means that certain operations are only allowed after a delay has elapsed.)

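But the crux is that many Layer2s have not even implemented a forced withdrawal function that bypasses the Sequencer. If the team behind such a Layer2 wants to act maliciously, it can first have the sequencer reject everyone's withdrawal requests, then move user assets into an L2 account the team itself controls. The team can then update the Rollup contract as it sees fit and, once the timelock delay ends, withdraw all user assets to the ETH chain and move them away.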

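Of course, the actual situation may be worse than I have described, because most Rollup teams can upgrade contracts without any timelock restriction, which means a rug worth hundreds of millions of dollars could be completed almost in an instant.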

A truly trustless Layer2 should make the contract upgrade delay longer than the forced withdrawal delay

In fact, solving Layer2's trustlessness/security problem requires the following:

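Set up a censorship-resistant withdrawal exit on Layer1, so that users can withdraw assets from Layer2 to the ETH chain directly, without the sequencer's permission. The forced withdrawal delay should not be too long, so that user assets can exit L2 quickly;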

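Anyone who wants to upgrade the Layer2 contracts must be subject to a timelock delay, and a contract upgrade should take effect later than a forced withdrawal. For example, dYdX's contract upgrades currently have a delay of at least 48 hours, so the delay before forced withdrawal / escape hatch mode takes effect should be kept under 48 hours. That way, once users discover that the dYdX team is about to slip malicious code into a new contract version, they can withdraw their assets from Layer2 to Layer1 before the contract is updated.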

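At present, the vast majority of Rollups that have launched a forced withdrawal / escape hatch mechanism do not meet these conditions. For example, dYdX's forced withdrawal / escape hatch has a delay of up to 7 days, while the dYdX committee's contract upgrade delay is only 48 hours. In other words, the committee can finish deploying the new contract before users' forced withdrawals take effect, and steal the assets before users escape.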

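From this perspective, apart from Fuel, ZKSpace and DeGate, no other Rollup can guarantee that users' forced withdrawals are processed before a contract upgrade, and all of them carry a fairly high degree of trust assumption.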

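Many projects using the Validium approach (DA implemented off the Ethereum chain) have long contract upgrade delays (for example 8 days or longer), but a Validium typically relies on off-chain DAC nodes to publish the latest data, and the DAC can mount a data withholding attack that disables forced withdrawal, so they do not fit the security model discussed above.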

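At this point, it seems we can state the conclusion plainly: Layer2 solutions other than Fuel, ZKSpace and DeGate are not trustless. Users must either trust the Layer2 team or the security council it set up not to act maliciously, or trust the off-chain DAC nodes not to collude, or trust the sequencer not to censor their transactions (reject their requests). Only the three above currently qualify as Layer2s that are truly secure, censorship-resistant and trustless.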
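The conditions in this section can be checked mechanically. The following Python sketch is an added example, not code from the article, L2BEAT or any project named here; the `Rollup` fields and function names are hypothetical, and apart from the dYdX delays (48 hours, 7 days) and the 8-day Validium upgrade delay quoted above, all sample values are constructed.

```python
from dataclasses import dataclass
from typing import List, Optional

HOUR, DAY = 3600, 86400

@dataclass
class Rollup:
    name: str
    upgrade_delay: int                # timelock on contract upgrades, in seconds
    instant_upgrade: bool             # a multisig can bypass the timelock
    forced_exit_delay: Optional[int]  # worst-case forced withdrawal delay; None = no exit
    da_on_l1: bool                    # False = Validium-style, data held by an off-chain DAC

def effective_upgrade_delay(r: Rollup) -> int:
    # A timelock that the committee can skip gives users zero warning.
    return 0 if r.instant_upgrade else r.upgrade_delay

def exit_window(r: Rollup) -> Optional[int]:
    """Seconds between a completed forced exit and the earliest possible upgrade.
    Zero or negative: the upgrade can land first. None: no forced exit exists."""
    if r.forced_exit_delay is None:
        return None
    return effective_upgrade_delay(r) - r.forced_exit_delay

def trust_assumptions(r: Rollup) -> List[str]:
    found = []
    if r.instant_upgrade:
        found.append("upgrade multisig / security council is honest")
    window = exit_window(r)
    if window is None:
        found.append("sequencer does not censor withdrawals")
    elif window <= 0:
        found.append("upgraders do not act before forced exits complete")
    if not r.da_on_l1:
        found.append("off-chain DAC does not withhold data")
    return found

# Constructed sample data. Only the dYdX delays and the 8-day Validium upgrade
# delay come from the article; da_on_l1 for dYdX and all other values are assumed.
SAMPLES = [
    Rollup("dYdX (article figures)", 48 * HOUR, False, 7 * DAY, True),
    Rollup("hypothetical-validium", 8 * DAY, False, 2 * DAY, False),
    Rollup("hypothetical-instant-multisig", 7 * DAY, True, None, True),
    Rollup("hypothetical-exit-first", 14 * DAY, False, 7 * DAY, True),
]

def report() -> dict:
    return {r.name: trust_assumptions(r) for r in SAMPLES}

if __name__ == "__main__":
    for name, found in report().items():
        print(f"{name}: {found or 'no extra trust assumptions in this model'}")
```

With the article's dYdX figures the exit window is negative by 5 days, which is the gap the committee could use to upgrade before forced withdrawals complete.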

Security cannot be achieved by technology alone; social consensus must be brought in

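In fact, the topic we are discussing today is not new. The point made in this article, that Layer2 essentially depends on the credibility of the project team, has long been raised by countless people. The founders of Avalanche and Solana, for example, have attacked it fiercely. The problem is that the trust assumptions found in Layer2 exist equally in Layer1 and indeed in every blockchain project.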

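For example, we have to assume that Validator nodes holding 2/3 of the stake weight in the Solana network do not collude, and that the two largest mining pools, which hold most of Bitcoin's hash power, do not join forces to launch a 51% attack and roll back the longest chain. These assumptions are hard to break, but "hard" does not mean "impossible".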

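When a traditional Layer1 public chain suffers malicious behavior that damages large amounts of user assets, the outcome is usually that social consensus abandons the problematic chain and forks off a new one (see the 2016 The DAO incident, which led Ethereum to fork into ETH and ETC). If someone attempts a malicious fork, people likewise choose through social consensus which "more reliable" fork to follow (for example, most people did not follow the ETHW project).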

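Social consensus is the root that keeps blockchain projects, and the DeFi protocols they carry, running in an orderly way. Even error-correction mechanisms such as contract code audits and community members disclosing problems with a project are part of social consensus. Decentralization achieved purely through technology often fails to deliver its full effect and frequently remains theoretical.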

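What really works at critical moments is often social consensus that has nothing to do with technology, public scrutiny that has nothing to do with academic papers, and popular recognition that has nothing to do with technical narratives.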

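Consider the following scenario: a POW public chain that only a few hundred people have heard of is, for the moment, highly decentralized, because no single party dominates yet. But suppose a mining hardware company suddenly points all of its hash power at this POW chain, so that it alone has many times more hash power than all other miners combined. At that moment the chain's decentralization collapses instantly. If the company intends to act maliciously, people can only correct it through social consensus.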

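Turning to Layer2: however ingenious its mechanism design, it cannot escape social consensus. Even for L2s such as Fuel, DeGate and ZKSpace, where the team has almost no way to act maliciously, the Layer1 they rest on, Ethereum, is itself highly dependent on social consensus and on community and public scrutiny.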

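Moreover, when we believe a contract is non-upgradeable, we are taking the word of contract auditors and L2BEAT, and these organizations may be careless or may lie. The probability is extremely low, but we have to admit that a small trust assumption is still introduced.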

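But the open nature of blockchain data lets anyone, hackers included, check whether a contract contains malicious logic. This already minimizes the trust assumption and greatly lowers the cost of social consensus. If that cost is driven low enough, we can treat the result as "trustless" by default.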

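Of course, apart from the three mentioned above, the other Layer2s have no trustlessness to speak of. What actually safeguards security at critical moments is still social consensus, and the technical component often just makes it easier for people to carry out social-consensus oversight. If a project's technology is superior but it fails to gain wide acceptance and cannot attract a large community, its decentralized governance and social consensus will also struggle to function.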

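Technology certainly matters, but more often, whether a project is widely accepted and whether it can develop a strong community culture is more important, more valuable and more beneficial to the project's development than technology.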

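Take zkRollup as an example. Many zkRollups today have only implemented a validity proof system and on-chain DA. Such a rollup can prove to the outside world that the user transactions it processes and all the transfers it performs are valid and were not forged by the sequencer, that is, that it has not acted maliciously in "state transition". But this is not the only way a Layer2 team or sequencer can act maliciously.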

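We can roughly say that a ZK proof system essentially just greatly lowers the cost of supervising a Layer2, but many things cannot be solved by technology itself and must rely on human governance or social consensus.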

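If an L2 team provides no censorship-resistant exit such as forced withdrawal, or tries to upgrade the contract with logic that can steal user assets, community members have to rely on social consensus and public outcry to correct it. At that point, whether the technology is superior no longer seems to be the most important thing. Rather than asking whether technology matters for security, it is more accurate to say that mechanism design that makes it easy for people to reach social consensus is what matters more, and this is the real essence of Layer2 and of blockchains.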

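From Blast, which is supervised purely by social consensus, we should take a more direct view of the relationship between social consensus and technical implementation, rather than judging a project as good or bad purely by "which L2 is closer to the Layer2 Vitalik describes". Once a project has won the recognition and attention of millions of people, social consensus has already formed. Whether it got there through marketing or technical narrative is irrelevant, because the result matters more than the process.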

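Admittedly, social consensus is itself an extension of democratic politics, and the real world has already shown the flaws of democratic governance. But the open source code and data transparency inherent in blockchains greatly reduce the cost of social consensus, so Web3's "rule by people" is fundamentally different from the "rule by people" of real-world sovereign states.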

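If we regard blockchain as a technical means of improving information transparency in democratic governance, rather than purely pursuing a forever-unreachable "Trustless achieved purely by code", everything seems much more optimistic and clear. Only by shedding the arrogance and prejudice ingrained in technical elites and embracing a broader audience can the Ethereum Layer2 ecosystem truly become world-class financial infrastructure with mass adoption.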

