Tornado Cash affair and JSON-RPC blockchain node providers
I was just finishing my response to Moxie when Tornadogate happened. I had to rewrite the original “I am happy to use Infura or Alchemy…” sentence to reflect what happened. I was wrong and Moxie was right. Maybe I was too pragmatic and I am afraid that I wasn’t alone. Actually, Infura outage was a warning sign that everyone dismissed as something that happens on every infrastructure.
There are layers of this problem though. Communication protocol, JSON-RPC, is the least problematic part. It is the node providers, often operated as U.S. based businesses that present a biggest danger to the whole ecosystem. It would be a mistake to take a software engineering angle on this: centralization of the service is something that can be solved. It is the governance that is most problematic. I don’t see companies like Consensys that operates Infura or Cloudflare transitioning into DAOs anytime soon.
And the companies that are in a process of transitioning into DAOs like Ankr are running into uncharted territory. Decentralized organizations were ignored by governments so far. What we are going to see is campaigns and propaganda, legal actions and spreading the fear by all means possible. This will be joined by organizational issues in DAOs themselves. It is really hard to establish a working organization design and I’ve seen a lot of regression in the area of management practices, teamwork and organization alignment in DAOs.
I am not writing this to dismiss the idea of decentralized organization, I am actively participating in mitigating these issues. Let’s hope we will overcome and adapt - after all, this is where the community generally excel. Let’s open the technical part of the problem.
What is Tornado Cash
Tornado Cash is a money launder service used by enemies of democratic world to sponsor terrorism, support drug trafficking and it is probably also used for smuggling small kids in canisters as seen in Death Stranding. Or that is at least what you will hear often in news, spread by the very same government that let big banks off the hook.
In reality, it is a smart contract, code that runs on blockchain. Smart contract that allows for semi-anonymous token transfers. You may want to use it, if you don’t want to give your ethereum address to the person sending you tokens. This could be useful - after all, your employer does not see your account balance as well. There are many services like this, the main Tornado difference is that it is not custodial, therefore, there is noone holding your tokens while they are in transfer. As any government, you can’t ask smart contract to follow your rules. And that is why the DOJ acts this hard, reaching out to many organizations to deplatform Torrent Cash. And they are now prosecuting the authors of code. Let it sink. People are going to be arrested for writing code that allows obscure your wallet address in transactions.
Game over?
Not by far. But we need to get more technical. As I mentioned, Torrent Cash is a smart contract - it is still there, processing transactions. This is important to understand, I’ve seen people calling out Tornado for not stopping some specific use case, but that’s a complete nonsense. It is the very same as asking Vint Cerf or Bob Kahn to remove all malware from the internet, because they developed tcp/ip.
What was shut down is the application frontend, the part that makes the interaction easy for a regular person. And, JSON-RPC gateways.
When web3 application calls the smartcontract, it needs to use a gateway. Only way around this would be to have a local ethereum node on your server and call it locally, but that’s not very feasible solution for an app developer. So in reality, people like me were using Infura or Alchemy, which provided reliable service to deploy your smartcontracts and call them via JSON-RPC interface. A code to do that is really simple and if you ever used any API you probably have an idea on what it does:
const provider = new ethers.providers.JsonRpcProvider( `https://rinkeby.infura.io/v3/${infuraID}` );
And I hope it is also clear what is wrong here from the decentralization perspective. First of all, you need your DNS to resolve the server address. And shutting down DNS record is a really easy task for any government as we’ve already witnessed. Replacing DNS with an ip address is not as straightforward as you may think, these services don’t run on a decommissioned PC in the garage. But it is doable, so let’s say that we do this instead:
const provider = new ethers.providers.JsonRpcProvider( `https://54.85.34.183/v3/${infuraID}` );
Far from victory, far from defeat we are. Now, I read a lot of other proposals to solve this problem, like using ENS (no, sorry, same problem) or other name resolving service. The problem is that you want to provide a service outside of a very specific niche, it needs to work on a regular browser with minimal friction.
We are approaching the biggest technical problem: as mentioned above, the node gateway provider like Infura is usually a regular company and they can be ordered to stop the particular service in the same way as national DNS providers. Now, these providers do not have any specific permit to run an ethereum node, in fact, you can run your own ethereum node. It is a nice, but not very cheap and practical solution. A better solution is to use an existing node that is not built by a company. That could work well on the server communication level (backend). If you replace the Infura ip address with some really decentralized nodes, you have Tornado back.
There is also hope coming with new protocols like Cosmos or Polkadot. These, what we call parachains, are built with an idea of application specific blockchains that run on top of a common, thin protocol. If you run your own parachain, you still need a gateway, but it is the gateway that is part of your parachain. It is hard to take down as long as you pay the underlying protocol with tokens. Our simplistic connection to our Cosmos gRPC provider would look like this:
grpcConn, err := grpc.Dial(
"52.85.34.183:9090", // your gRPC server address.
grpc.WithInsecure(),
grpc.WithDefaultCallOptions(grpc.ForceCodec(codec.NewProtoCodec(nil).GRPCCodec())),
)
And the main difference is that now you are the provider for the gateway address. I expect that Tornado2 will run exactly like this. Can we also run distributed nodes on parachains that would be more performant and harder to shut down? Maybe, honestly, this is an area where I need to get more experience as well.
Also, not every gateway provider is in the business just to afford new Lambo. There is a wonderful article from Michael O'Rourke about the Pocket Network situation and it seems they work hard to mitigate the issues mentioned above. Ankr is doubling down on decentralization, but there is no statement from the company on Tornadogate so that could be just a cheap PR we’ve heard so many times before.
Wrapping up, node gateway providers will be solved. This is the advantage of underlying technology that is decentralized. If any convenience layer fails, we can invent new, better ones. Ethereum is here to stay and its newer competitors can show some muscles now.
On wallets
There is another layer of this problem that is easy to forget. We use wallets to interact with some smart contracts. Wherever an application needs to identify who you are on the blockchain, you use the wallet, very often Metamask owned by the same company as Infura. If you’ll ask me month ago, I’ll be very open in demanding Google to include basic wallet functionality in Chrome. I hate friction. Everything you force your users to do is making their experience worse. But recent events render this dilemma in a very different light. I think that this area is ripe for an innovation. The wallet does not do any hard to understand magic. It is the same public/private key mechanism we know for years developed as a browser plugin. There is a development in the right direction as well, Polygon ID being a great example of zero knowledge used as identity management. Following on this will make this long article even longer, but wallets are a problem we need to tackle one day as well.
Thanks for reading.