Myths about Blockchain Product Development

The main argument for using dApps sounds like this: "The smart contract code, with all its functions, is recorded on the blockchain and is publicly accessible. This means anyone can personally verify the absence of backdoors and critical vulnerabilities that could lead to the theft of user funds. Everything is transparent, regardless of the developers' intentions."

Reality

The code is only public if the developers want it to be. If a developer doesn't verify the smart contract during deployment (doesn't publish the ABI of the smart contract), then instead of seeing neatly written code with comments, you'll be faced with bytecode, which is practically impossible to read and understand.

For instance, let's check out a function in a smart contract in its original form and how it's decompiled by a blockchain explorer.

Etherscan, the blockchain explorer itself, offers to decompile the code, but this decompiled code is unreadable and almost worthless. It's clear that the code is significantly different from what the developer originally intended:

Source code

Decompiled code from the blockchain explorer

[It's not a mistake; that wild artifact really is in the second line. That's how Etherscan's decompiler spit it out.]

But let's imagine the smart contract is verified. How many users actually know the programming language for smart contracts? And out of those who know Solidity, how many take the time to go through hundreds of lines of code just to swap a few tokens? The number is incredibly small.

Ensuring Safety

Beyond a well-crafted whitepaper and thorough documentation, you might need to dig a bit deeper into your pockets! Consider turning to an audit firm, or better yet, two. These firms will impartially review your smart contract's code and release a public report detailing all the vulnerabilities they found (which, of course, should be fixed by then). An audit can range in cost from $5,000 to $500,000. For instance, the Gearbox protocol seeks roughly this amount from its treasury for a double audit. You could potentially bypass this step since audits don't guarantee absolute security and projects can still get hacked post-audit. However, having an audit makes your project appear much more trustworthy to users and in social media. After all, a scam project wouldn't bother getting audited, right?

People still debate the concept of "decentralization." It's an incredibly fascinating topic, undoubtedly worthy of its own article. For now, I suggest we view decentralization as a means of resisting censorship. If there's no central authority controlling the system and no technical way to restrict transactions, does this mean the blockchain is a sanctuary of freedom?

Reality

Let's start with the fact that after Ethereum's transition to PoS, there emerged a serious risk of total censorship on Ethereum. In November 2022, as per this article from Cointelegraph, over 73% of blockchain nodes used OFAC software. This software pre-validated transactions from addresses on OFAC's blacklist. Addresses land on this list due to various offenses like drug trafficking, money laundering, etc. It might sound like a noble cause, but such tools can be exploited for political games or simply to suppress dissident citizens. The extent of this censorship is variable and changes daily. You can view the related charts here.

Ethereum Node Censorship Percentage Since the Transition to PoS

Given this, it's necessary to approach claims that the blockchain is decentralized and immune to censorship with a bit more caution. It might be more pragmatic not to view things as strictly black or white (centralized vs. decentralized) but to consider the degree of centralization and the aspiration of these products towards decentralization.

So, why is this understanding crucial, and what can businesses do with it? 

They can contribute to enhancing the decentralization level of their product and the blockchain as a whole. Be socially responsible to the blockchain community: set up their nodes, participate in conferences, conduct research, and invest in infrastructure projects and decentralization. It might sound naive, but this is precisely the spirit that birthed the blockchain. Also, if a product aims to be highly decentralized, then instead of using bespoke centralized services, one can employ more decentralized infrastructure solutions like The Graph Network, Chainlink, IPFS, and others.

At this stage in Web3's development, there are numerous bottlenecks where developers and the community can't escape centralized systems: all announcements are made on X (formerly Twitter), community interaction happens on Discord, development is carried out on GitHub, and so on. This indicates that the pioneers of the Web3 world have a lot more work ahead of them.

When you create a crypto wallet, you don't input any personal details. So, logically, one would assume it's impossible to associate you with the wallet address, right? But is everything as anonymous as it seems at first glance? Let's delve deeper.

Reality check

Blockchains are pseudo-anonymous. This means that addresses and transactions are public. If someone can link your wallet address to your identity, your cover's blown.

Can this actually happen? Theoretically, yes. Thanks to blockchain analysis techniques, it's possible to link transactions or addresses to a specific person or organization. Patterns, repeat transactions, and other data can help paint a user activity profile that may point right at you or a group you're part of.

Thinking this sounds like high-tech hacker stuff? It’s not, to be honest. There's this tool called Arkham Intelligence. It's a pretty user-friendly interface to dive into transaction histories and wallet balances. Take Justin Sun's wallet for example - a peek into it shows balances across various blockchains, his DEX activity, and transactions with other de-anonymized addresses. Every time Justin makes a move on a DEX, there are legions of Twitter bots broadcasting it to the community. Some traders even have bots set up to mimic these moves.

Moreover, many businesses aren't particularly motivated to keep user data anonymous. Why? Because aggregating on-chain data and comparing it to user behavior helps in refining future product versions. In theory, this data collection and analysis could expose users' identities.

Another thing to keep in mind: decentralized protocols can still fall under legislative rules. Take Uniswap, for instance. Their user agreement mentions they operate under US jurisdiction and might hand over data when the authorities come knocking. While Uniswap doesn't explicitly ask for personal details, they do gather them from public sources, consolidate and analyze. Theoretically, if authorities asked for it, the protocol could serve up this data on a silver platter, making their job much easier. Sounds paranoid? Well, devs behind the TOR browser even advise against maximizing the browser window because sites collect screen size info, warning it could be a giveaway. I trust these guys know a thing or two about privacy. 😉

Having a vast and ready-to-go infrastructure is one of the major perks of the blockchain. You don't have to spend a lot of funds on it: even the simplest computer can write to and read from the blockchain since the heavy lifting is done by powerful nodes.

From this, it's easy to assume that deploying a smart contract is just a one-time fee (maybe a few hundred USD) and then no more costs for upkeep.

Reality

It's not quite like that. Sure, deploying a smart contract might not break the bank, but if you're looking to analyze your product's data, you'll need access to the blockchain's historical data. Getting this data might mean either setting up your own node or dishing out cash for services like Infura or Alchemy. For instance, Infura might set you back $225 a month for a million requests, while running your own Ethereum node might cost you about as much as a 20-terabyte server.

Aside from archival data, you'll probably need some extra tools for your product. For indexing blockchain data, you'll need to craft and deploy a subgraph, like on The Graph Network, where you pay indexers in GRT tokens. Every 100,000 requests? That'll be about $50, and if you're hitting 30 million requests, be ready to fork out around $4500 a month. Does your business really need this subgraph? If your main selling point is a high degree of decentralization, then probably.

Oracles, those handy tools for business, aren't free either. Take a request in the Chainlink VRF on the Ethereum network to get a list of random numbers—it might cost you around 3 LINK tokens, or roughly $23. Oracles are essential for nearly any project, especially if it's tightly linked to real-world data like fiat-currency exchange rates, stocks prices or sports game results.

Remember, infrastructure needs regular attention and upkeep. Developers, who play a crucial role, deserve compensation. Don't overlook this when setting your project budget.

The immutability of smart contract code is yet another advantage of Web3 products over Web2. Often, when this is mentioned, it's implied that the logic written into a smart contract won't be covertly changed, and the creators of the protocol can't manipulate things to deceive their users. This is indeed the case for protocols like Uniswap, Yearn, and many others. Versions of these protocols operate unchanged for years, and even when a new protocol is introduced, the old one continues to function.

Reality

Blockchain technology is often lauded for its immutable nature. However, there's a concept known as "upgradeable," which provides developers the flexibility to modify the code of smart contracts. This allows for a comprehensive redefinition of the contract's logic, while preserving the original data.

One might wonder, doesn't this counteract the foundational principle of blockchain's permanence? And would this compromise users' trust in the system?

To provide transparency, developers often make the smart contract code accessible via block explorers. Within this code, both proxy contracts and the primary logic are visible. While individuals with a technical background can easily identify this "upgradeability", average users can reference audits where this feature will be distinctly highlighted.

The upgradeability of smart contracts offers significant advantages. It facilitates better optimization, efficient error rectification, and enhances user experience. If a potential vulnerability is identified, proactive measures can be taken before any malicious exploit occurs, reinforcing user confidence.

Moreover, the prerogative to upgrade isn't exclusive to developers. Through mechanisms like a DAO (Decentralized Autonomous Organization), the broader community can suggest, endorse, and even implement modifications.

For those who might be apprehensive about fully integrating with a DAO, yet value both upgradeability and user trust, a prudent approach would be to delineate a roadmap. This can specify conditions under which the upgrade feature might be limited or introduce a version sans this capability.

After reading about the challenges of censorship, anonymity, and other blockchain nuances, one might assume it's a bad idea to create an app. But don't get it twisted! The goal of this article isn't to discourage you from developing decentralized applications. Rather, we're rooting for more quality blockchain products. We're here to spill the beans on web3 — both its pitfalls and perks — to help you navigate and make informed decisions for your project.