100% decentralized DeFi does not exist (yet)
Blockchain technology was born in the 90s. It gained momentum with the creation of Bitcoin in 2008 by the famous and anonymous Satoshi Nakamoto - the creator of this type of database that allows for anonymous and decentralized peer-to-peer trading.
Then in 2015, another blockchain appeared: Ethereum. It introduced the concept of the smart contract, which supplements the transactions stored in the blockchain with instructions for transferring tokens. The idea is to register not transactions, but programming instructions, which are executed when that particular part of a given block of the Ethereum blockchain is read. However, this system does not have the power of advanced programming languages, and a smart contract can only execute in "real time", at the moment it is written: it runs always and only when the transaction containing it has "passed". It is also complicated to use exogenous data (located on a ledger or an external database) in a smart contract.
Smart contracts are behind the rise of DApps, i.e. decentralized applications, but for now they are only decentralized in name, as none of them can claim to be 100% decentralized. Ethereum, just like Bitcoin and all the blockchains that have appeared since, remains bound by certain compromises between scalability (i.e. the maximum number of transactions that the network is able to "handle" each second), security and decentralization. This is the famous "trilemma" mentioned by Vitalik Buterin, the emblematic co-founder of Ethereum, that no project has yet managed to solve completely.
When it comes to Bitcoin and Ethereum, for example, the problem lies in their scalability and decentralization (measured by the NDC: Nakamoto Decentralization Coefficient).
Decentralization is thus far from being total on these two blockchains, as on all current blockchains. The excellent study "Are Blockchains Decentralized?" by the New York agency trailofbits.com, published in June of this year, lists the ways in which control, and therefore centralization, can occur on a blockchain:
Authoritative centrality: What is the minimum number of entities necessary to disrupt the system? This number is called the Nakamoto coefficient, and the closer this value is to one, the more centralized the system. This is also often referred to as “Governance Centrality”.
Consensus centrality: Similar to authoritative centrality, to what extent is the source of consensus (e.g., proof-of-work [PoW]) centralized? Does a single entity (like a mining pool) control an undue amount of the network’s hashing power?
Motivational centrality: How are participants disincentivized from acting maliciously (e.g., posting malformed or incorrect data)? To what extent are these incentives centrally controlled? How, if at all, can the rights of a malicious participant be revoked?
Topological centrality: How resistant is the consensus network to disruption? Is there a subset of nodes that form a vital bridge in the network, without which the network would become bifurcated?
Network centrality: Are the nodes sufficiently geographically dispersed such that they are uniformly distributed across the internet? What would happen if a malicious internet service provider (ISP) or nation-state decided to block or filter all DLT traffic?
Software centrality: To what extent is the safety of the DLT dependent on the security of the software on which it runs? Any bug in the software (either inadvertent or intentional) could invalidate the invariants of the DLT, e.g., breaking immutability. If there is ambiguity in the DLT’s specification, two independently developed software clients might disagree, causing a fork in the blockchain. An upstream vulnerability in a dependency shared by the two clients can similarly affect their operation.
There are two major vulnerabilities for which no major blockchain can currently offer an ironclad solution:
- 51% attack
First, there is the risk of a 51% attack - or Sybil attack. An ill-intentioned actor can try to create a multitude of nodes in order to "weigh" on the block validation vote. To prevent this, the cost per node has to be dissuasive, but this has the major disadvantage of requiring a trusted third party (TTP), which is centralized by definition…
Even without a Sybil attack, some conglomerates of block validators reach a size that makes them capable of attaining the majority necessary to take control. Such is the case on the Ethereum blockchain since the Merge to Proof-of-Stake consensus, with Lido, a conglomerate of about thirty validators whose deposits weighed more than 5 billion dollars in ETH in November 2022. It should be noted that this threat has been addressed with Ethereum POW by introducing a 2/3 majority vote of validators to finalize a block (the "slashing" penalty), but the fact that a depositor who wishes to leave a validator cannot withdraw tokens as long as the "transfer stake" function is not available also reinforces the centralized aspect. One step forward, one step back...
- Use of external servers
Nearly all current blockchains, while securely encrypted, rely on one or more centralized intermediaries to operate. Bitcoin, for example, passes more than 60% of its traffic (i.e. the flow of transactions registered to the copies of the ledger maintained by each node) through only 3 ISPs (Internet Service Providers), which are centralized entities...
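The Nakamoto coefficient defined in the list above can be computed for validator stake and for ISP traffic share alike. The sketch below is an added example, not code from the article or from the Trail of Bits study; the validator, pool and ISP names and all weights are constructed sample data, and the one-third threshold is an assumption derived from the 2/3 finalization vote mentioned above.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed sample data (illustrative, not measurements):
# (validator id, controlling entity, stake)
VALIDATORS = [
    ("v01", "pool-A", 180), ("v02", "pool-A", 120), ("v03", "pool-B", 150),
    ("v04", "pool-C", 90), ("v05", "pool-C", 60), ("v06", "solo-1", 100),
    ("v07", "solo-2", 100), ("v08", "solo-3", 100), ("v09", "solo-4", 50),
    ("v10", "solo-5", 50),
]
# Constructed traffic shares in percent, shaped like the ISP figure above.
ISP_TRAFFIC = {"isp-1": 25, "isp-2": 20, "isp-3": 16, "isp-4": 10,
               "isp-5": 9, "isp-6": 8, "isp-7": 7, "isp-8": 5}

MAJORITY = Fraction(1, 2)        # more than half of the weight
BLOCK_FINALITY = Fraction(1, 3)  # enough to deny a 2/3 finalization vote


def weight_by_entity(records):
    """Sum weight per controlling entity: nodes under one operator count once."""
    totals = defaultdict(int)
    for _node, entity, weight in records:
        totals[entity] += weight
    return dict(totals)


def nakamoto_coefficient(weights, threshold):
    """Smallest number of entities whose combined share strictly exceeds
    `threshold`, or None if no subset can exceed it."""
    total = sum(weights.values())
    if total <= 0:
        raise ValueError("total weight must be positive")
    running = 0
    for count, w in enumerate(sorted(weights.values(), reverse=True), 1):
        running += w
        if Fraction(running, total) > threshold:
            return count
    return None


if __name__ == "__main__":
    per_node = {node: w for node, _entity, w in VALIDATORS}
    per_entity = weight_by_entity(VALIDATORS)
    for label, weights in (("per node", per_node), ("per entity", per_entity),
                           ("per ISP", ISP_TRAFFIC)):
        print(label, nakamoto_coefficient(weights, MAJORITY),
              nakamoto_coefficient(weights, BLOCK_FINALITY))
```

Counting each validator separately gives a higher coefficient than grouping validators by the entity that controls them, which is why the grouping step matters when judging a chain's decentralization claims.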
When will we see a truly decentralized DeFi?
These limitations make it impossible to provide fully decentralized DeFi applications, even though this is a prerequisite for the deployment of Web3, which is based, among other things, on the total decentralization of data. A newly designed "layer 1" project with maximum decentralization as a prerequisite - and reaching an acceptable compromise on the other two aspects of the "trilemma" - would be a major strategic investment in the portfolio of a Web3 investment fund...
This would require a blockchain structurally designed to offer a Nakamoto coefficient of at least 100 (the top current major blockchains reach 25) and 5-digit scalability (on the order of 10,000 transactions per second).
We would then have to develop the concept of an "autonomous smart contract", capable of carrying out, at a given moment, an operation previously determined in the blockchain - including the execution of another "secondary" smart contract registered further upstream in the blockchain. Finally, this blockchain would have to allow the storage of information and data, in addition to transactions and smart contract instructions, thus avoiding the need to rely on potentially centralized external databases, or even worse, human intervention in the execution of the main smart contract.
This blockchain exists. It was a hit at the last Paris Blockchain Week event in April 2022, and showcased the first autonomous smart contract POC live. I am lucky enough to be one of the first investors along with the Web3 fund Quadrilium Ventures. As a participant of the CfC St Moritz, you will have the opportunity to meet them during these 3 days in January 2023, because they are coming to present their latest achievements. Don't miss Massa Network during these 3 days...
About the Author
This article has been authored by Frédéric Bonelli, Senior Advisor @Quadrilium Ventures