Most smart contracts are centralized

Most web3 developers are writing code that is centralized. They’re just writing web2 code in Solidity. Be careful when you’re overpaying for “web3 developers”.

I randomly pulled out 10 projects written in Solidity. 9 of the 10 surveyed projects are centralized.

What I was looking for

Trustlessness

If you’re writing code that is really decentralized, you shouldn’t have to rely on the person who deployed the contract to act honestly, or, for that matter, on any person to act honestly at all. It should be impossible (not hard - impossible) to alter the expected course of action just because the community trusted you to always act honestly.

Permissionlessness

Closely related is censorship resistance. You shouldn’t need anyone’s permission to execute an action that is otherwise supposed to be available to “all” users. Conversely, no arbitrary authority should be able to deny someone access to an action because of action/inaction outside the contract itself (e.g. bribes).

Composability

If other contracts cannot build on top of your contract without your permission, your contract is not composable.

Interestingly, none of the contracts I studied violated this. Probably because of the design of Solidity itself - it is actually pretty hard to write code that breaks composability. You have to really give thought to it.
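A quick first-pass check for the trustlessness and permissionlessness criteria above can be automated. The following is an added example, not the author's tooling: a Python scanner that flags common privileged-control markers in Solidity source so a reviewer knows where to look. The marker list and both sample contracts are assumptions constructed for illustration; a hit means "review who holds this power", and no hits is not proof of trustlessness.

```python
import re

# Heuristic markers of privileged control. This list is an assumption for the
# example; the post does not say which patterns its author looked for.
MARKERS = {
    "owner-gated function": re.compile(
        r"\bonlyOwner\b|\bonlyRole\s*\(|msg\.sender\s*==\s*_?owner\b"),
    "admin pause switch": re.compile(r"\bwhenNotPaused\b|\bfunction\s+pause\s*\("),
    "address allow/deny list": re.compile(
        r"(black|white|allow|deny)list\w*\s*\[", re.I),
    "admin-upgradeable code": re.compile(
        r"\bupgradeTo(AndCall)?\s*\(|\b_authorizeUpgrade\s*\("),
    "self-destruct": re.compile(r"\bselfdestruct\s*\("),
}

def strip_comments(src):
    """Blank out comments (keeping line count) so commented-out code is ignored."""
    src = re.sub(r"/\*.*?\*/", lambda m: "\n" * m.group(0).count("\n"), src, flags=re.S)
    return re.sub(r"//[^\n]*", "", src)

def scan(src):
    """Return (line_number, label) pairs for every marker hit in Solidity source."""
    return [(no, label)
            for no, line in enumerate(strip_comments(src).splitlines(), 1)
            for label, rx in MARKERS.items() if rx.search(line)]

# Constructed samples, not taken from any surveyed project.
CENTRALIZED = """\
contract Vault {
    mapping(address => bool) blacklist;
    // selfdestruct(payable(owner));
    function sweep() external onlyOwner { payable(owner).transfer(address(this).balance); }
    function deposit() external payable { require(!blacklist[msg.sender]); }
}
"""
TRUSTLESS = """\
contract Vault {
    mapping(address => uint256) public balances;
    function deposit() external payable { balances[msg.sender] += msg.value; }
    function withdraw() external {
        uint256 amt = balances[msg.sender];
        balances[msg.sender] = 0;
        payable(msg.sender).transfer(amt);
    }
}
"""
if __name__ == "__main__":
    for name, src in (("CENTRALIZED", CENTRALIZED), ("TRUSTLESS", TRUSTLESS)):
        print(name, scan(src) or "no markers (still not proof of trustlessness)")
```

A flagged contract may still have given up the power since, for example by renouncing ownership, so each hit needs a look at the deployed state as well as the source.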

Gotchas

  • I spent less than 30s per contract, so my analysis is bound to be inaccurate
  • I looked at code whose last commit was > 1 year ago, because some contracts start as centralized and destroy centralization after stabilization
  • Many of Questbook’s (where I work) contracts also fall in the above category