banner
Ethereum Dapps are not so decentralized
Ethereum Dapps are not so decentralized
Ethereum

Ethereum Dapps are not so decentralized

By Adrian Zmudzinski - 12 Jul 2018

Chevron down

The recent Bancor hack has reinvigorated the conversation about how decentralized smart contracts and Ethereum DAPPs are.

As Jackson Palmer — the creator of Dogecoinpoints out on Twitter, Bancor programmed the smart contract in a way that let the team freeze all funds with a “central kill switch” and upgrade the smart contract.

So, while the infrastructure hosting the app— the Ethereum blockchain — was decentralized, the amount of central authority involved renders the DAPP centralized.

https://twitter.com/ummjackson/status/1016455890294091776

 

That is a quite important thing to keep in mind because it substantially decreases the trustlessness and security of the system. You need to trust Bancor not to freeze your tokens, and that may be acceptable to most.

But from a security perspective the consequences of such a design decision are way worse. Such a system needs only one account to be hacked in order to compromise the entire DAPP. That’s a serious issue not only for Bancor but also for many other DAPPs.

Code is not law

After the DAO attack back in 2016, it is now assumed that the “Code is Law” rule is pretty impossible, especially on Ethereum and on other blockchains that manage lots of complexity on the layer zero.

But this is not necessarily a bad thing if used correctly. If a smart contract can be switched off to avoid hacker attacks and thefts, what’s wrong with it?

If there is a vulnerability, someone needs to solve it, no matter what. Of course, only for a major purpose.

Centralized DApps

After having criticized the design of Bancor, Palmer started examining other projects in order to find out how common the presence of such centralized authority is among DAPPs.

It seems like Kyber Network can disable the network and upgrade the smart contract as well.

Such design could cause consequences similar to the ones suffered by Bancor in case the owner’s account gets hacked.

Also Enigma has the ability to pause all the token transfers at will as well.

Sometimes centralization is justified

Another design choice that has been questioned by Palmer is the ability of the MakerDAO contract owner to mint new MKR tokens.

https://twitter.com/ummjackson/status/1016461976904466432

But it needs to be pointed out that the contract is owned by another smart contract so to understand who has the ability to create new tokens (or if that’s possible at all) we would need to analyse the other contract as well. Another thing to keep in mind is that MakerDAO actually needs the ability to mint new MKR tokens as DAI collaterals, so this ability is completely justified in this case.

Palmer also wrote against Augur, but – as the prediction market is now live – the things are changed. While the team could change everything about the ERC20 smart contract before the REP migration, from now on, they won’t do it anymore.

Bottom line

Many DAPPs have some centralized authority built into their architecture and that’s not necessarily always bad.

As we’ve seen, in the case of MakerDAO it was actually unavoidable. Many projects actually start with a high degree of central control but have plans to upgrade the contract in a way that solves this problem after they’re done with development.

The inability to upgrade a contract can prove itself more costly than some amount of centralization — which is meant to be removed — in case a bug is discovered in an active smart contract.

Adrian Zmudzinski
Adrian Zmudzinski

Adrian is passionate about technology and Information Technology (IT). Adrian specialized in the analysis of tokens, the blockchain technology, and cryptocurrencies. His interest in Bitcoin dates back to 2009 and it rapidly transformed into a more general interest of the still arising cryptocurrency industry. His analyses are concerned mostly by the technological potential underlying the analyzed token.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.