Detailed explanation of the security of Merlin Chain: How to protect 3.5 billion funds?

Merlin Chain is undoubtedly the hottest Bitcoin-native second-layer network at the moment. The mainnet reached an astonishing TVL of US$3.5 billion within 30 days of its launch, attracting more than 200 projects to enter construction. After Merlin launched second-layer mapped assets, multiple ecological projects successively released major updates, and hundreds of millions of dollars of liquidity poured in. The unprecedented popularity once caused congestion on the Bitcoin network. But if an ecosystem takes on billions of funds, in addition to bringing a prosperous ecosystem and liquidity, it also means being exposed to the dangerous dark forest of blockchain.

How Merlin Chain ensures the security of 3.5 billion funds is a question that all users need to be concerned about. This article will analyze the security system of Merlin Chain. As an emerging BTC L2, Merlin has considered security in every aspect of its architecture design, and has joined forces with many security teams such as Slow Mist, adding layers of plug-ins to jointly ensure fund security. Build a solid line of defense.

The architecture design is layered to ensure security and transparency.

Decentralized Oracle: Resisting single points of failure through decentralized power and data transparency

Merlin Chain uses a multi-token pledge Oracle node system. The sequence node is responsible for collecting and batch processing transactions, generating compressed transaction data, ZK state roots and proofs. This data is compiled by the Oracle Network Execution Circuit and uploaded to Taproot on the Bitcoin mainnet, making it publicly accessible to the entire network.

• Diversified assets: Supports staking of $BTC, $MERL and other mainstream BRC 20 assets to improve flexibility and risk resistance
• Agent pledge: Not only allows users to directly pledge assets to become Oracle nodes, but also provides more flexible agent pledge options, allowing users to entrust assets to existing and reputable Oracle nodes for management
• Real-time monitoring: Users can view their agent pledge status and income in real time, as well as the performance records of agent nodes
• Exit mechanism: Provide a flexible exit mechanism, users can withdraw their assets at any time to ensure the liquidity of funds

By decentralizing power and data, Merlin Chain resists the risks of single points of failure and centralization.

Share DA layer security with Celestia

The data storage layer (DA) is similar to a database, where all original transactions of the execution layer are stored for subsequent verification and confirmation. For Layer 2, the openness, transparency and on-chain storage of DA are extremely important. If the latest transaction data is refused to be uploaded to a trusted platform, data withholding attacks will lead to network scrapping and may prevent users from successfully withdrawing funds.

Merlin Chain uses Celestia as the data availability layer to ensure verifiable release of block data and enhance the transparency and credibility of the network.

• Celestia provides public data availability guarantee, allowing everyone to view and store the state of Merlin Chain
• Once data is published and confirmed to be available on Celestia, Rollups and applications are responsible for storing their historical data
• When a node receives a new block, it verifies the availability of the data to ensure that the data in the network is complete and consistent

Go to one level of verification and inherit the security of Bitcoin

Merlin Chain proposed a solution based on Taproot’s aggregated zero-knowledge proof and Rollup data writing to the Bitcoin main network. All second-layer data will be submitted to the first layer of Bitcoin for security verification. This means that any issues with the second layer, whether fraud or errors, will be discovered and blocked by the first layer. Its key components: Node, zkProver and Database work together to process and exchange data to confirm the validity of the entire transaction process, thereby ensuring the safe processing, verification and completion of data storage of transactions. This allows Merlin Chain to inherit the security of Bitcoin, provide L2 batch processing scalability, and ensure that data is anchored in Bitcoin and cannot be tampered with.

Asset Management: Institutional-level security is achieved through the Cobo coordination mechanism

Currently, all assets in Merlin Chain are managed by Cobo’s MPC wallet solution, using hot and cold wallet isolation and other measures to ensure that all cross-chain/locked funds in Merlin Chain are non-custodial and safe.

Cobo is a well-known digital asset custody service provider, and its founder Shenyu is well-known in the industry. Its MPC wallet solution uses advanced MPC technology to implement a threshold signature scheme to ensure that private key shards are generated, encrypted, and distributed among multiple parties in a secure environment. All parties jointly sign transactions without exposing each other’s private key shards or forming a complete private key.

When users use Merlin Chain’s cross-chain/lock position, the Bitcoin first-level network funds transferred to the cross-chain bridge will enter the MPC custody address co-managed by Cobo and Merlin Chain for safekeeping. Any transaction must be executed jointly by both Cobo and Merlin Chain. Merlin Chain’s predefined security risk control strategy can only be signed and released, and any unilateral risk will not lead to the leakage of assets.

With the help of Cobo’s private key encryption and sharding technology, Merlin Chain achieves institutional-level security and is not affected by the single point of failure of the private key, making assets immune to security attacks and human errors.

Combine well-known security teams and third-party platforms to protect

Merlin Security Committee: Cooperate with multiple security companies to audit ecological projects

For public chains, the security of their ecological projects is a relatively uncontrollable but very important influencing factor. It is reported that one of the reasons why the Blast ecological project Munchables was hacked was that in order to save audit fees, an unknown security team was hired to issue an audit report.

In order to ensure the security of its ecological projects, Merlin Chain has established the Merlin Security Council in cooperation with several security companies, including the famous Slowmist. The “Blockchain Dark Forest Self-Help Manual” published by its founder Yu Xian in 22 years is widely circulated in the circle, as well as BlockSec, Salus, Secure 3, ScaleBit, Revoke.Cash and many other well-known security teams. The committee is used to fund research, education and technological development, and encourage more white hats and dApps to join this decentralized organization to escort the subsequent ecological development and construction of Merlin, so that users can safely participate in Merlin ecological projects.

On-chain monitoring through independent platforms such as mistTrack

Merlin Chain supports users to jointly supervise its ecological security through a third-party independent platform. In March this year, mistTrack, a security product owned by the SlowMist team, announced that it supports searching and tracking Merlin Chain. Users can query the on-chain data of Merlin and its ecological projects at any time through its platform, monitor suspicious addresses, and track down deliberate behavior to ensure the security of Merlin’s funds. , providing a safe and transparent on-chain experience.

Fund security is directly related to the life and death of the public chain. As an emerging and growing Layer 2, Merlin Chain has invested absolute resources in security since the first day of its birth, and has continued to increase its investment even after achieving ecological success. After all, only Only by guarding the most basic line of security can we ensure the long-term and sustainable prosperity of the ecosystem. It is reported that Merlin Chain plans to add Council Grants and Merlin Bug Bounty programs in the future to encourage any individual or team to find vulnerabilities and contribute to the ecological security of Merlin Chain.