Introduction

You may be looking at the title and wondering why is there a need for a “Decentralized App Store” in the first place. Let’s break it down.

For a Blockchain to resist a potential attack even from the ultimate Boss (State actors), any part of the infrastructure must be highly decentralized.

You might have noticed the recent discussions about on-chain regulatory "compliance" after the Merge. Centralized staking providers (e.g. Coinbase, Kraken, Binance) are more likely to compromise the network by being forced to comply with the regulators. Therefore, instead of using these, it would be in the interest of everyone to use more decentralized staking solutions like Rocket Pool and Stakewise. Another solution - Lido Finance - already has the majority of the staking market share, so consider sticking with the above-mentioned staking providers instead.

The current possible Achilles’ heel of censorship resistance is (centralized) RPC provider, a thesis which has already been confirmed in the past (remember when Infura accidentally blocked access to its services from Venezuela?). Even more so unexpected was the allegedly decentralized RPC node provider POKT Network rushing to comply with OFAC sanctions.

You might also have noticed that just recently, OFAC regulators enforced sanctioning & blacklisting any Ethereum address that has ever interacted with the privacy solution Tornado Cash. This decisions was taken even though there were myriads of legitimate reasons to use their service - other than for criminal purposes as mainstream media lets you believe. Fearing legal repercussions, blue-chip DeFi dapps enabled OFAC-compliant address blocking and while their smart contracts still remain unaffected, non-technical users with a history of using Tornado Cash were effectively locked out from transacting on DeFi dapps.

Domain names are currently supervised by one single entity (ICANN) and are delegated to few big Web2 players (GoDaddy, VeriSign, etc.) which results in a huge attack vector, resulting in bad actors taking over domains and redirecting user transactions towards malicious smart contracts (happened multiple times already) or state actors being able to block domains and therefore the access to dapp frontends.

The above issues wrt decentralization of dapps could easily be solved by abstracting away the frontend as we use it today and let the users interact with smart contracts without an intermediary. This is where the “Decentralized App Store” comes into play, or to be more accurate - decentralized frontends for dapps (smart contracts).

Overview: BYOA Starknet Decentralized App Store

With BYOA (which stands for “build your own algorithm”) the user owns an immutable dapp secured both on the Ethereum blockchain and by the custody of the user’s wallet, all in the form of an NFT which allows you to interact directly with the smart contract instead of navigating to a (possibly) unsafe frontend.

BYOA technical overview (quote)

In the original design of byoa there was a smart contract registry that lived on L1 and allowed developers to register byoa applications which could then be minted by users as valid ERC-721 nfts and stored in the users wallets upon minting. The byoa sdk could then be embedded on a website and allow a user to connect their wallet and have the byoa application "installed" into the page - basically let it run.

As the popularity of L1 Ethereum grew so did the price of Ethereum and so did the gas fees.  The combination of these two things made it very expensive to either register your own byoa application as a developer, or as user made it ever expensive to mint/install a byoa application into your wallet.

We decided that the best approach for Mallows and byoa would be to re-architect around a Layer 2 scalability system. Layer 1 Ethereum would be the Security layer that developers would still register immutable applications on. While there is still a cost involved, we believe that this cost is necessary for ensuring quality within the ecosystem.

Layer 2 StarkNet (via Starkware) would be where users would largely live as a Configuration layer. You would choose a registered application you wanted to install, and would install it into your StarkNet compatible wallet and all associated configuration with it. The cost becomes orders of magnitude cheaper and there is no longer a friction to adoption. And, because configuration is cheap as well, it allows apps to be developed to be more configurable by the users as opposed to one size fits all.

User guide: BYOA Starknet Decentralized App(s)

Navigate to BYOA L2 app store (link below) and connect Starknet-X or Braavos wallet to StarkNet Alpha Mainnet, then install Aave frontend client & Uniswap frontend client (mint as NFT, some minor amount of ETH for Gas fees is required)

Navigate to ETH.Limo (gateway for resolving ENS records) app page hosted on IPFS:

1. click blue home button

2. click wallet button (and connect your StarkNet wallet containing the BYOA NFT(s)

3. select app NFT (app opens i-frame, click twice to switch to full screen)

Congrats you are now on your very own (literally) UNI / AAVE frontend! Connect your Ethereum wallet to use the Dapp (Layer 2 is supported as well)

BYOA NFTs put the owner in control: the user gets to decide which version of the frontend will run. Just by “installing” or “un-installing” different versions of the Dapp available on BYOA Decentralized App store (StarkNet L2 is recommended), the user will have the choice which NFT to enable - that basically then loads the frontend. This could potentially have interesting use cases, e.g. the user doesn’t like the design or UI choices from a new frontend version (minor inconvenience) or e.g. new frontend version started fingerprinting and tracking users and submitting all the collected data to the IRS or whatnot… (probably a major inconvenience)

Please note that the BYOA apps are still in beta and at the moment it’s not possible to solve all of the problems discussed above, However, this solution is definitely a great step in the right direction - as it bypasses the inherent security risks of DNS and let users choose a frontend that doesn’t adhere to tracking and sanctioning. Custom frontends will also be possible, Mallows Team is going to opensource the contracts very soon.