The recent Bancor hack has reinvigorated the conversation about how decentralized smart contracts and Ethereum DAPPs really are.
As Jackson Palmer — the creator of Dogecoin — points out on Twitter, Bancor programmed the smart contract in a way that let the team freeze all funds with a “central kill switch” and upgrade the smart contract.
So, while the infrastructure hosting the app (the Ethereum blockchain) was decentralized, the amount of central authority involved renders the DAPP itself centralized.
The key thing here is not the hack itself – it's the fact the Bancor team had the ability to freeze funds. How many other "decentralized" DApps have a built-in kill switch that's centrally controlled? https://t.co/3XtULafGRD
— Jackson Palmer (@ummjackson) July 9, 2018
That is an important thing to keep in mind, because it substantially reduces the trustlessness and security of the system. You need to trust Bancor not to freeze your tokens, and that may be acceptable to most users.
But from a security perspective the consequences of such a design decision are far worse than a trust issue: an attacker needs to compromise only one account, the owner's, to take control of the entire DAPP. That is a serious issue not only for Bancor but also for many other DAPPs.
Summary
Code is not law
After the DAO attack back in 2016, it is now widely accepted that a strict “Code is Law” rule is impractical, especially on Ethereum and on other blockchains that handle a lot of complexity at the base layer.
But this is not necessarily a bad thing if the power is used correctly. If a smart contract can be switched off to stop an ongoing attack or theft, what is wrong with that?
If there is a vulnerability, someone needs to be able to fix it, no matter what. Of course, such a switch should be used only for that purpose, not at will.
Centralized DApps
After criticizing Bancor's design, Palmer started examining other projects to find out how common such centralized authority is among DAPPs.
It seems that Kyber Network can disable the network and upgrade the smart contract as well.
Such a design could have consequences similar to the ones suffered by Bancor if the owner's account gets compromised.
Enigma, too, has the ability to pause all token transfers at will.
Sometimes centralization is justified
Another design choice that has been questioned by Palmer is the ability of the MakerDAO contract owner to mint new MKR tokens.
Correct me if I'm wrong, but does this code not allow the owner of the MakerDAO contract to mint new coins? Source: https://t.co/hqcawp4qfU pic.twitter.com/TJ3UsrFFVn
— Jackson Palmer (@ummjackson) July 9, 2018
But it needs to be pointed out that the contract is owned by another smart contract, so to understand who has the ability to create new tokens (or whether that is possible at all) we would need to analyse the owning contract as well. Another thing to keep in mind is that MakerDAO actually needs the ability to mint new MKR tokens: when the collateral backing DAI falls short, new MKR is minted and sold to recapitalize the system. So this ability is justified in this case.
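The two points above, a single owner key as a single point of compromise and an owner that is itself a contract, are easier to see in code. The following is an added example written for this page; it is not Bancor's, Kyber's, Enigma's or MakerDAO's code, and every contract and function name (SingleKeyToken, PauseCouncil, setPaused, propose, approve) is illustrative. It shows the pattern Palmer criticised, a pausable token whose kill switch is one externally owned account, next to a hardened form where the owner role is handed to a minimal 2-of-3 council that can do nothing but pause and unpause.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the code of any project named on the page. Names are illustrative.

// The pattern the page criticises: one externally owned account holds the
// "central kill switch". Compromise that single private key and every
// holder's funds can be frozen (or, with an upgrade hook, redirected).
contract SingleKeyToken {
    address public owner;
    bool public paused;
    mapping(address => uint256) public balanceOf;

    event Paused(bool state);
    event OwnershipTransferred(address indexed from, address indexed to);

    modifier onlyOwner() { require(msg.sender == owner, "not owner"); _; }
    modifier whenNotPaused() { require(!paused, "paused"); _; }

    constructor() {
        owner = msg.sender;                 // a single EOA at deployment
        balanceOf[msg.sender] = 1_000_000e18;
    }

    // The kill switch: one call from one signer freezes all transfers.
    function setPaused(bool state) external onlyOwner {
        paused = state;
        emit Paused(state);
    }

    // Hardening step 1: hand the owner role to a contract instead of a key.
    function transferOwnership(address newOwner) external onlyOwner {
        require(newOwner != address(0), "zero owner");
        emit OwnershipTransferred(owner, newOwner);
        owner = newOwner;
    }

    function transfer(address to, uint256 amount) external whenNotPaused returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// Hardening step 2: a minimal 2-of-3 council that becomes the token's owner and
// can do nothing but pause/unpause. One stolen signer key is no longer enough.
// Reviewer note: once SingleKeyToken.owner points here, reading the token alone
// tells you nothing about who can freeze funds; you must read this contract too,
// which is the same situation as the MakerDAO contract owned by another contract.
contract PauseCouncil {
    uint8 public constant THRESHOLD = 2;
    address[3] public signers;
    SingleKeyToken public immutable token;

    struct Proposal { bool state; uint8 approvals; bool executed; }
    Proposal[] public proposals;
    mapping(uint256 => mapping(address => bool)) public approved;

    constructor(address[3] memory s, SingleKeyToken t) {
        signers = s;
        token = t;
    }

    function isSigner(address a) public view returns (bool) {
        for (uint256 i = 0; i < signers.length; i++) {
            if (signers[i] == a) return true;
        }
        return false;
    }

    // Any signer opens a proposal and counts as its first approval.
    function propose(bool state) external returns (uint256 id) {
        require(isSigner(msg.sender), "not signer");
        proposals.push(Proposal({state: state, approvals: 0, executed: false}));
        id = proposals.length - 1;
        _approve(id);
    }

    function approve(uint256 id) external {
        require(isSigner(msg.sender), "not signer");
        _approve(id);
    }

    function _approve(uint256 id) internal {
        Proposal storage p = proposals[id];
        require(!p.executed, "already executed");
        require(!approved[id][msg.sender], "already approved");
        approved[id][msg.sender] = true;
        p.approvals += 1;
        if (p.approvals >= THRESHOLD) {
            p.executed = true;
            token.setPaused(p.state);   // reachable only by the council, only at threshold
        }
    }
}
```

Deployment order matters: deploy SingleKeyToken from an EOA, deploy PauseCouncil with the three signer addresses and the token address, then call token.transferOwnership(address(council)) from that EOA. After that step the deployer's key alone can no longer pause anything. The council reduces the single-key risk the page describes, but it does not remove centralization: three team-controlled keys are still a central authority, and an auditor has to follow the owner chain (token, then council) to know who holds it.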
Palmer also wrote against Augur, but, as the prediction market is now live, things have changed. While the team could change everything about the ERC20 smart contract before the REP migration, from now on they will no longer do so.
Bottom line
Many DAPPs have some centralized authority built into their architecture, and that is not necessarily always bad.
As we have seen, in the case of MakerDAO it was actually unavoidable. Many projects start with a high degree of central control but plan to upgrade the contract in a way that removes it once development is done.
The inability to upgrade a contract can prove more costly than some amount of centralization that is meant to be removed later, if a bug is discovered in a live smart contract.