A (New) Framework for Evaluating Degree of Decentralisation

Photo by Michael Förtsch on Unsplash

What is a DApp?

I checked out the Ethereum Foundation website and found a detailed explanation, which I’ve simplified for you. So, a decentralized application (Dapp) is a type of application that runs on a decentralised network and is used by multiple users. It needs to meet certain requirements, such as being open-source (meaning the code is freely available for anyone to view and modify), using cryptographic algorithms (to ensure secure transactions), and having decentralised consensus (meaning decisions are made collectively by the network rather than a central authority).

Here’s a simple example: think of a Dapp as a digital marketplace, like eBay or Amazon. However, instead of being run by a single company, it’s powered by a decentralised network of users who can buy and sell goods directly with each other using cryptocurrency. Since the platform is decentralised and open-source, there’s no need for a middleman to oversee transactions, which can make the process faster, cheaper, and more secure.

I believe I have covered DApps definition. Let’s highlight a few issues specifically tied to their decentralisation level that deserve some attention.

Problem …

Looking at the recent incidents such as Terra’s chain halt and the wormhole attack on Solana have actually raised questions about the true decentralisation and security of current blockchain networks. But still, Decentralised applications (DApps) proclaimed themselves as fully decentralised, yet there was no trusted guide to measure their true level of decentralisation.

This prompts me to understand more:

1. Why Decentralisation Level Matters ?
2. How to evaluate the decentralisation of Dapps ?

I’ll have ChatGPT tackle the first question (Just to be clear, I am not here to hype up ChatGPT! 😉 )

It’s quite fast and impressive to come up with the answer but fundamentally its true and the significant of understanding the degree of decentralisation is inevitable. I will leave it to you to dive deeper into it. I will move to how I evaluate the decentralisation level.

How I do it …

1. Identify key Dapp components, evaluate and determine potential issues
2. Create a workflow to access the degree of decentralisation
3. Develop a scoring mechanism
4. Apply it to a Dapp

Lets get started

1. Architectural components making up a DApp

According to Chainlink, DApps consist of three main components:

1. Frontend/UI: uses common web technologies like HTML and JavaScript, connecting to smart contracts via libraries like Web3.js or Ethers.js, and interacting through Web3 wallets like MetaMask
2. Smart contracts: hold the business logic and state, distinguishing DApps from traditional web applications.
3. Data storage: is typically off-chain, using decentralised services like IPFS or Filecoin to maintain trust-minimised properties while keeping costs low, as storing large amounts of data on-chain can be expensive.
4. Blockchain protocol: is a set of rules that govern how data is exchanged, verified, and stored within a blockchain network. Think of it as the blueprint that keeps the whole system in harmony and ensures secure, decentralised transactions

I will zoom in on these fascinating aspects of the system to uncover just how decentralised things really are

Component 1: The Frontend — Centralised vs Decentralised hosting service

The choice between them can significantly impact a Dapp’s decentralisation. Decentralised hosting technologies like Spheron and Web3 Storage reduce the risk of a single point of failure and minimise downtime.

Component 2: Data storage — On-chain and off-chain storage

Both have their pros and cons. While on-chain storage ensures data security, some DApps opt for off-chain storage due to cost-effectiveness and speed. Centralised databases can be a point of failure, but a backup algorithm can improve decentralisation.

Component 3: Smart Contract Implementation — Administrative key

The presence of administrative keys can reduce a DApp’s degree of decentralization, and examining a smart contract’s open-source code can help assign a score depending on the number of administrative keys and the security measures around it.

Component 4: The Blockchain Protocol — Permissionless (public) blockchain and Permission (private) blockchain

Permissionless (public) blockchains like Bitcoin and Ethereum generally offer better protection against single points of failure. Their decentralized nature and widespread network of nodes make it harder for a single entity to compromise the system. While permissioned (private) blockchains may have higher risks, security ultimately depends on the specific implementation and should be assessed case by case.

3. Framework

The framework relies on the architecture decision-making strategy described above. The following is the order in which I intend to construct the framework.

1. Front-end hosting service
2. Data storage
3. Smart contract
4. Blockchain protocol

4. Scoring mechanism

I’m considering the ideal scoring method and using the highly-cited paper “A Taxonomy of Blockchain-Based Systems for Architecture Design.” This paper offers a classification system for blockchains, focusing on key architectural features and the effects of design choices on performance and quality. The taxonomy is based on industry products, technical discussions, academic research, and practical blockchain experience.

In this article, I will use the research’s scoring method with +1 for “favourable” and -1 for “less favourable” criteria to evaluate system aspects. Each Dapps will receive a decentralisation score out of four, based on the four components mentioned. Points will be deducted for rule violations or not adhering to the framework.

4. Final step: Apply the framework

First up, let’s dive into Axie Infinity, a popular blockchain game. As I venture further, I will explore more apps, fine-tune our trusty framework, and uncover the secrets of decentralisation in the exciting realm of DApps and blockchain protocols. Stay tuned!

1. Front-end hosting services (-1)

According to a report published by GitLab, a DevOps platform, as of 2021, 79% of developers still host their applications on centralised infrastructure like AWS or Google Cloud, while only 21% use decentralised infrastructure like IPFS or DAT. The report also suggests that the majority of developers are not yet ready to embrace decentralisation, as it requires new skills and technology adoption. Therefore, the majority of the application failed to earn a point for frontend hosting.

2. The wallet implementation (-1)

The smart contract allows the CEO and CFO to alter contracts through authorisation codes. However, this creates a potential single point of failure if hackers obtain the code or key. Due to this security risk, I will deduct 1 point.

3. Data Storage (+1)

Although I could not find any resources mentioning an off-chain backup plan, Axie Infinity works with Chainlink Oracles to establish a highly secure, auditable on-chain randomness source, thus decentralizing the app. They earn 1 point for this, inspiring other Dapps to take action and embrace decentralisation.

4. Blockchain Protocol (+1)

Axie Infinity uses the custom-built Ronin Ethereum Sidechain, exclusive to their app, and permissionless blockchain Ethereum, earning them a point.

Score: 2 out of 4

CONCLUSION

Axie Infinity’s decentralisation score of 2 mirrors the situation for many DApps, which often depend on administration keys in smart contracts and centralised hosting, hindering true decentralisation. Yet, promising initiatives like their Chainlink Oracle partnership and the use of public Ethereum and Ronin networks signal a commitment to secure, respected blockchain protocols, earning them extra points.

I’ve highlighted improvement areas, like decentralised front-end hosting or off-chain data backup algorithms, which can help researchers and developers create more decentralised, secure Dapps. While adopting new methods may have cost trade-offs, taking action to regain user trust and enhance DApps security is crucial, right?

There’s still room to expand the workflow and evaluate Dapps manually, and I’m open to feedback and collaborations to boost decentralisation levels. Perhaps a tool to help developers assess decentralisation while building a Dapp could be useful. I’m eager to hear more ideas and continue the discussion!

References:

ChatGPT

A Taxonomy of Blockchain Based Systems for Architecture Design

• How many DeFi projects still have 'God Mode' admin keys? More than you think
• A Complete Guide to Building Ethereum dApps: Front-end and Back-end
• Private vs. Public vs. Permissioned Blockchain: A Comparative Guide
• Ronin: The engine powering Axie Infinity's growth [2023]
• Terra halted its blockchain as UST tumbles toward $0
• How many DeFi projects still have 'God Mode' admin keys? More than you think
• Axie Infinity Integrates Chainlink Oracles!
• Ronin Ethereum Sidechain | Axie Infinity

A (New) Framework for Evaluating Degree of Decentralisation was originally published in Coinmonks on Medium, where people are continuing the conversation by highlighting and responding to this story.