Detailed explanation of the security of Merlin Chain and how to protect 3.5 billion funds

Original source: Merlin Chain

Merlin Chain is undoubtedly the hottest Bitcoin native second-tier network at the moment. The mainnet reached an astonishing 35% within 30 days of its launch. TVL worth US$100 million has attracted more than 200 projects to enter construction. After Merlin launched second-layer mapped assets, multiple ecological projects successively released major updates, and hundreds of millions of dollars of liquidity poured in. The unprecedented popularity once caused congestion on the Bitcoin network. But if an ecosystem takes on billions of funds, in addition to bringing a prosperous ecosystem and liquidity, it also means being exposed to the dangerous dark forest of blockchain.

How Merlin Chain ensures the security of 3.5 billion funds is a question that all users need to be concerned about. This article will analyze the security system of Merlin Chain. As an emerging BTC L2, Merlin has considered security in every aspect of its architecture design, and has joined forces with many security teams such as Slow Mist, adding layers of plug-ins to jointly ensure fund security. Build a solid line of defense.

The architectural design is layered to ensure security and transparency

Decentralized Oracle: through decentralization of power and data transparency to resist single points of failure

Merlin Chain uses a multi-token pledge Oracle node system. The sequence node is responsible for collecting and batch processing transactions, generating compressed transaction data, ZK state roots and proofs. This data is compiled by the Oracle Network Execution Circuit and uploaded into Taproot on the Bitcoin mainnet, making it publicly accessible to the entire network.

Diversified assets: supports the pledge of $BTC, $MERL and other mainstream BRC20 assets, improving flexibility and risk resistance

Agent pledge: not only allows users to directly pledge assets to become Oracle nodes, but also provides more flexible proxy pledge options, allowing users to entrust assets to existing and reputable Oracle nodes for management

Real-time monitoring: Users can view their agent pledge status and income in real time, as well as the performance records of agent nodes

Exit mechanism: Provide a flexible exit mechanism, users can withdraw their assets at any time, ensuring the liquidity of funds

By decentralizing power and data, Merlin Chain can resist the risks caused by single points of failure and centralization.

Sharing DA layer security with Celestia

The data storage layer (DA) is similar to the database, and the execution layer All original transactions are stored here, pending subsequent checksum confirmation. For Layer2, the openness, transparency and on-chain storage of DA are extremely important. If the latest transaction data is refused to be uploaded to a trusted platform, data withholding attacks will lead to network scrapping and may prevent users from successfully withdrawing funds.

Merlin Chain uses Celestia as the data availability layer to ensure verifiable release of block data and enhance the transparency and credibility of the network.

· Celestia provides public data availability guarantees, allowing everyone to view and store the state of Merlin Chain

· Once the data is published on Celestia and Confirm availability, Rollups and applications are responsible for storing its historical data

· When receiving a new block, the node will verify the availability of the data to ensure that the data in the network is complete and consistent

Towards a layer of verification and inheriting the security of Bitcoin

Merlin Chain proposed aggregation based on Taproot A solution for writing zero-knowledge proof and Rollup data to the Bitcoin main network. All data on the second layer will be submitted to the first layer of Bitcoin for security verification. This means that any issues with the second layer, whether fraud or errors, will be discovered and blocked by the first layer. Its key components: Node, zkProver and Database work together to process and exchange data to confirm the validity of the entire transaction process, thereby ensuring the safe processing, verification and completion of data storage. This allows Merlin Chain to inherit the security of Bitcoin, provide L2 batch processing scalability, and ensure that data is anchored in Bitcoin and cannot be tampered with.

Asset management: Institutional-level security is achieved through the Cobo coordination mechanism

Currently, the assets in Merlin Chain are managed by Cobo’s MPC wallet solution To manage, adopt hot and cold wallet isolation and other measures to ensure that all cross-chain/locked funds in Merlin Chain are non-custodial and safe.

Cobo It is a well-known digital asset custody service provider, and its founder Shenyu is well-known in the industry. Its MPC wallet solution leverages advanced MPC technology to implement a threshold signature scheme that ensures private key shards are generated, encrypted, and distributed among multiple parties in a secure environment. Participants co-sign transactions without exposing each other's private key shards or forming complete private keys.

When users use Merlin Chain's cross-chain/lock-up, the Bitcoin layer network funds transferred to the cross-chain bridge will enter the MPC custody address co-managed by Cobo and Merlin Chain. For safekeeping, any transaction requires both Cobo and Merlin Chain to jointly implement Merlin Chain's predefined security risk control strategy before it can be signed and released. Any unilateral risk will not lead to the leakage of assets.

With the help of Cobo's private key encryption and sharding technology, Merlin Chain achieves institutional-level security and will not be affected by the single point of failure of the private key, making it Assets are protected from security attacks and human error.

Join well-known security teams and third-party platforms to jointly protect the protection

Merlin Security Committee: United Many security companies audit ecological projects

For public chains, the security of their ecological projects is a relatively uncontrollable but very important influencing factor. It is reported that one of the reasons why the Blast ecological project Munchables was hacked was that in order to save audit fees, an unknown security team was hired to issue an audit report.

In order to ensure the security of its ecological projects, Merlin Chain teamed up with a number of security companies to establish Merlin Security Council Security Council , including the famous Slow Mist Slowmist , " Blockchain Dark Forest Self-Rescue Manual " is widely circulated in the circle, and BlockSec , Salus , Secure3 , ScaleBit , Revoke.Cash a> and many other well-known security teams, the committee is used to fund research, education and technology development, and encourages more white hats and dApps to join this decentralized organization to protect Merlin's subsequent ecological development and construction, allowing users to be safe Participate in the Merlin ecological project.

On-chain monitoring through independent platforms such as mistTrack

Merlin Chain supports users to jointly supervise its ecological security through a third-party independent platform. In March this year, mistTrack, a security product owned by the SlowMist team, announced that it supports searching and tracking Merlin Chain. Users can query the on-chain data of Merlin and its ecological projects at any time through its platform, monitor suspicious addresses, and track down deliberate behavior to ensure the security of Merlin's funds. , providing a safe and transparent on-chain experience.

Fund security is directly related to the life and death of the public chain. Merlin Chain, as an emerging and growing Layer 2, has invested absolute resources in security since the first day of its birth, and has continued to do so even after achieving ecological success. After all, only by guarding the most basic security line can we ensure the long-term and sustained prosperity of the ecosystem. It is reported that Merlin Chain plans to add Council Grants and Merlin Bug Bounty programs in the future to encourage any individual or team to find vulnerabilities and contribute to the ecological security of Merlin Chain.

This article is from a submission and does not represent the views of BlockBeats.