Myths about Blockchain Product Development


When it comes to myths, it's usually about setting things straight. Many have taken shots at blockchain, and in some cases, they had valid points.

This piece is for those business founders who are thinking about making a jump from the traditional web (Web2) to the blockchain-focused web (Web3). We will address some of the most common myths about blockchain. By understanding these, you'll be better prepared and can make smarter decisions as you begin your product's development journey.

MYTH #1: If it's on the blockchain, it's transparent and safe

The main argument for using dApps sounds like this: "The smart contract code, with all its functions, is recorded on the blockchain and is publicly accessible. This means anyone can personally verify the absence of backdoors and critical vulnerabilities that could lead to the theft of user funds. Everything is transparent, regardless of the developers' intentions."

Reality

The code is only public if the developers want it to be. If a developer doesn't verify the smart contract after deployment (doesn't publish its source code and ABI on a block explorer), then instead of seeing neatly written code with comments, you'll be faced with bytecode, which is practically impossible to read and understand.

For instance, let's check out a function in a smart contract in its original form and how it's decompiled by a blockchain explorer.

Etherscan, the blockchain explorer itself, offers to decompile the code, but this decompiled code is unreadable and almost worthless. It's clear that the code is significantly different from what the developer originally intended:

Source code

```solidity
    function sweep(IERC20 token, address recipient)
        external
        onlyRole(DEFAULT_ADMIN_ROLE)
    {
        uint256 amount = token.balanceOf(address(this));
        token.safeTransfer(recipient, amount);

        emit Sweep(address(token), amount);
    }
```

Decompiled code from the blockchain explorer

```
def unknownb8dc491b(uint256 _param1, uint256 _param2) payable: 
  require calldata.size - 4 >=′ 64
  require _param1 == addr(_param1)
  require _param2 == addr(_param2)
  if not unknown248a9ca3[0][caller].field_0:
      mem[128 len 42] = call.data[calldata.size len 42]
      idx = 41
      s = caller
      while idx > 1:
          if s % 16 >= 16:
              revert with 0, 50
          if idx >= 42:
              revert with 0, 50
          mem[idx + 128 len 8] = Mask(8, -(0, 0) + 256, 0) << (0, 0) - 256

…
  log 0xab224606: ext_call.return_data1)

```

[It's not a mistake; that wild artifact really is in the second line. That's how Etherscan's decompiler spit it out.]
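What can still be recovered from unverified bytecode is the list of 4-byte function selectors, without names or parameter types; `unknownb8dc491b` in the decompiler output above is one such id. The following is an added example, not code from the article: the sample bytecode is constructed, and matching `PUSH4 <selector> EQ` is a heuristic that assumes a Solidity-style dispatcher.

```javascript
// Added example: list the 4-byte function selectors found in EVM bytecode.
// PUSH1..PUSH32 (0x60..0x7f) carry 1..32 immediate bytes, which are skipped
// so that data is never misread as an opcode.
const PUSH1 = 0x60, PUSH4 = 0x63, PUSH32 = 0x7f, EQ = 0x14;

function extractSelectors(bytecodeHex) {
  const hex = bytecodeHex.replace(/^0x/i, "");
  if (hex.length % 2 !== 0 || /[^0-9a-fA-F]/.test(hex)) {
    throw new Error("bytecode must be an even-length hex string");
  }
  const code = Buffer.from(hex, "hex");
  const selectors = new Set();
  for (let pc = 0; pc < code.length; pc++) {
    const op = code[pc];
    if (op < PUSH1 || op > PUSH32) continue; // not a PUSH with immediate data
    const width = op - PUSH1 + 1;
    // Heuristic: a dispatcher compares the call's selector via PUSH4 <sel> EQ.
    if (op === PUSH4 && code[pc + 1 + width] === EQ) {
      selectors.add(code.subarray(pc + 1, pc + 1 + width).toString("hex"));
    }
    pc += width; // jump over the immediate bytes
  }
  return [...selectors];
}

// Constructed dispatcher (not the real contract's bytecode). The two selectors
// are the ids visible in the decompiler output; "deadbeef" is a decoy that
// sits inside PUSH32 data and must not be reported.
const SAMPLE_BYTECODE = "0x" + [
  "6080604052",                       // PUSH1 80, PUSH1 40, MSTORE
  "60003560e01c",                     // load calldata, shift down to selector
  "8063b8dc491b1461003057",           // DUP1 PUSH4 b8dc491b EQ PUSH2 JUMPI
  "8063248a9ca31461004057",           // DUP1 PUSH4 248a9ca3 EQ PUSH2 JUMPI
  "7f63deadbeef14" + "00".repeat(26), // PUSH32 whose data mimics PUSH4 .. EQ
  "00",                               // STOP
].join("");

console.log(extractSelectors(SAMPLE_BYTECODE));
```

A selector is only a hash prefix of the function signature, so the list tells a reviewer which entry points exist, not what an admin-only function such as `sweep` does with them.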

But let's imagine the smart contract is verified. How many users actually know the programming language for smart contracts? And out of those who know Solidity, how many take the time to go through hundreds of lines of code just to swap a few tokens? The number is incredibly small.

Ensuring Safety


Beyond a well-crafted whitepaper and thorough documentation, you might need to dig a bit deeper into your pockets! Consider turning to an audit firm, or better yet, two. These firms will impartially review your smart contract's code and release a public report detailing all the vulnerabilities they found (which, of course, should be fixed by then). An audit can range in cost from $5,000 to $500,000. For instance, the Gearbox protocol seeks roughly this amount from its treasury for a double audit. You could potentially bypass this step since audits don't guarantee absolute security and projects can still get hacked post-audit. However, having an audit makes your project appear much more trustworthy to users and on social media. After all, a scam project wouldn't bother getting audited, right?

MYTH #2: Decentralization = Immunity to Censorship

People still debate the concept of "decentralization." It's an incredibly fascinating topic, undoubtedly worthy of its own article. For now, I suggest we view decentralization as a means of resisting censorship. If there's no central authority controlling the system and no technical way to restrict transactions, does this mean the blockchain is a sanctuary of freedom?

Reality

Let's start with the fact that after Ethereum's transition to PoS, there emerged a serious risk of total censorship on Ethereum. In November 2022, as per this article from Cointelegraph, over 73% of blockchain nodes used OFAC software. This software pre-validated transactions from addresses on OFAC's blacklist. Addresses land on this list due to various offenses like drug trafficking, money laundering, etc. It might sound like a noble cause, but such tools can be exploited for political games or simply to suppress dissident citizens. The extent of this censorship is variable and changes daily. You can view the related charts here.

Ethereum Node Censorship Percentage Since the Transition to PoS

Given this, it's necessary to approach claims that the blockchain is decentralized and immune to censorship with a bit more caution. It might be more pragmatic not to view things as strictly black or white (centralized vs. decentralized) but to consider the degree of centralization and the aspiration of these products towards decentralization.

So, why is this understanding crucial, and what can businesses do with it? 

They can contribute to enhancing the decentralization level of their product and the blockchain as a whole. Be socially responsible to the blockchain community: set up their nodes, participate in conferences, conduct research, and invest in infrastructure projects and decentralization. It might sound naive, but this is precisely the spirit that birthed the blockchain. Also, if a product aims to be highly decentralized, then instead of using bespoke centralized services, one can employ more decentralized infrastructure solutions like The Graph Network, Chainlink, IPFS, and others.

At this stage in Web3's development, there are numerous bottlenecks where developers and the community can't escape centralized systems: all announcements are made on X (formerly Twitter), community interaction happens on Discord, development is carried out on GitHub, and so on. This indicates that the pioneers of the Web3 world have a lot more work ahead of them.

MYTH #3: If it's on the blockchain, it means the product is anonymous

When you create a crypto wallet, you don't input any personal details. So, logically, one would assume it's impossible to associate you with the wallet address, right? But is everything as anonymous as it seems at first glance? Let's delve deeper.

Reality check

Blockchains are pseudo-anonymous. This means that addresses and transactions are public. If someone can link your wallet address to your identity, your cover's blown.

Can this actually happen? Theoretically, yes. Thanks to blockchain analysis techniques, it's possible to link transactions or addresses to a specific person or organization. Patterns, repeat transactions, and other data can help paint a user activity profile that may point right at you or a group you're part of.

Thinking this sounds like high-tech hacker stuff? It’s not, to be honest. There's this tool called Arkham Intelligence. It's a pretty user-friendly interface to dive into transaction histories and wallet balances. Take Justin Sun's wallet for example - a peek into it shows balances across various blockchains, his DEX activity, and transactions with other de-anonymized addresses. Every time Justin makes a move on a DEX, there are legions of Twitter bots broadcasting it to the community. Some traders even have bots set up to mimic these moves.

Moreover, many businesses aren't particularly motivated to keep user data anonymous. Why? Because aggregating on-chain data and comparing it to user behavior helps in refining future product versions. In theory, this data collection and analysis could expose users' identities.

Another thing to keep in mind: decentralized protocols can still fall under legislative rules. Take Uniswap, for instance. Their user agreement mentions they operate under US jurisdiction and might hand over data when the authorities come knocking. While Uniswap doesn't explicitly ask for personal details, they do gather them from public sources, then consolidate and analyze them. Theoretically, if authorities asked for it, the protocol could serve up this data on a silver platter, making their job much easier. Sounds paranoid? Well, the devs behind the Tor Browser even advise against maximizing the browser window because sites collect screen size info, warning it could be a giveaway. I trust these guys know a thing or two about privacy. 😉

MYTH #4: Blockchain is a Free Virtual Machine Without Infrastructure Costs

Having a vast and ready-to-go infrastructure is one of the major perks of the blockchain. You don't have to spend a lot of funds on it: even the simplest computer can write to and read from the blockchain since the heavy lifting is done by powerful nodes.

From this, it's easy to assume that deploying a smart contract is just a one-time fee (maybe a few hundred USD) and then no more costs for upkeep.

Reality

It's not quite like that. Sure, deploying a smart contract might not break the bank, but if you're looking to analyze your product's data, you'll need access to the blockchain's historical data. Getting this data might mean either setting up your own node or dishing out cash for services like Infura or Alchemy. For instance, Infura might set you back $225 a month for a million requests, while running your own Ethereum node might cost you about as much as a 20-terabyte server.

Aside from archival data, you'll probably need some extra tools for your product. For indexing blockchain data, you'll need to craft and deploy a subgraph, like on The Graph Network, where you pay indexers in GRT tokens. Every 100,000 requests? That'll be about $50, and if you're hitting 30 million requests, be ready to fork out around $4500 a month. Does your business really need this subgraph? If your main selling point is a high degree of decentralization, then probably.

Oracles, those handy tools for business, aren't free either. Take a request in the Chainlink VRF on the Ethereum network to get a list of random numbers: it might cost you around 3 LINK tokens, or roughly $23. Oracles are essential for nearly any project, especially if it's tightly linked to real-world data like fiat-currency exchange rates, stock prices or sports game results.

Remember, infrastructure needs regular attention and upkeep. Developers, who play a crucial role, deserve compensation. Don't overlook this when setting your project budget.

MYTH #5: "Code is Law" or The Immutability of Smart Contract Code

The immutability of smart contract code is yet another advantage of Web3 products over Web2. Often, when this is mentioned, it's implied that the logic written into a smart contract won't be covertly changed, and the creators of the protocol can't manipulate things to deceive their users. This is indeed the case for protocols like Uniswap, Yearn, and many others. Versions of these protocols operate unchanged for years, and even when a new protocol is introduced, the old one continues to function.

Reality


Blockchain technology is often lauded for its immutable nature. However, there's a concept known as "upgradeable" smart contracts, which gives developers the flexibility to modify a contract's code after deployment. This allows for a comprehensive redefinition of the contract's logic, while preserving the original data.

One might wonder, doesn't this counteract the foundational principle of blockchain's permanence? And would this compromise users' trust in the system?

To provide transparency, developers often make the smart contract code accessible via block explorers. Within this code, both proxy contracts and the primary logic are visible. While individuals with a technical background can easily identify this "upgradeability", average users can reference audits where this feature will be distinctly highlighted.
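One way to make that check concrete, as an added example that is not code from the article: it assumes the proxy follows the EIP-1967 storage-slot convention (a standard the article does not name), so other proxy layouts are not detected, and the sample storage words are constructed.

```javascript
// Added example: classify upgradeability from a contract's EIP-1967 slots.
// Assumption: the proxy follows EIP-1967; other proxy layouts are not detected.
const EIP1967_SLOTS = {
  implementation:
    "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc",
  admin: "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103",
  beacon: "0xa3f0ad74e5423aebfd80d3ef4346578335a9a72aeaee59ff6cb3582b35133d50",
};

// A storage word keeps an address in its low 20 bytes; all zeros means unset.
function wordToAddress(word) {
  const hex = String(word).replace(/^0x/i, "").padStart(64, "0");
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) {
    throw new Error("expected a 32-byte hex storage word");
  }
  return /^0+$/.test(hex) ? null : "0x" + hex.slice(24).toLowerCase();
}

// `words` maps each slot name to the raw value eth_getStorageAt returned
// when the contract address was queried at EIP1967_SLOTS[name].
function describeUpgradeability(words) {
  const implementation = wordToAddress(words.implementation);
  const admin = wordToAddress(words.admin);
  const beacon = wordToAddress(words.beacon);
  const isProxy = implementation !== null || beacon !== null;
  let control = "no EIP-1967 proxy slots set";
  if (isProxy && admin) control = `admin ${admin} can replace the logic`;
  else if (isProxy && beacon) control = `beacon ${beacon} selects the logic`;
  else if (isProxy) {
    control = "no admin slot: upgrade rights, if any, are in the implementation";
  }
  return { isProxy, implementation, admin, beacon, control };
}

// Constructed sample words (not real chain data).
const ZERO_WORD = "0x" + "00".repeat(32);
const SAMPLE_PROXY = {
  implementation: "0x" + "00".repeat(12) + "11".repeat(20),
  admin: "0x" + "00".repeat(12) + "22".repeat(20),
  beacon: ZERO_WORD,
};
const SAMPLE_PLAIN = { implementation: ZERO_WORD, admin: ZERO_WORD, beacon: "0x" };

console.log(describeUpgradeability(SAMPLE_PROXY));
console.log(describeUpgradeability(SAMPLE_PLAIN));
```

The admin address is the next thing to inspect: a single externally owned account, a multisig, or a DAO-controlled contract imply very different levels of trust in who can change the logic.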

The upgradeability of smart contracts offers significant advantages. It facilitates better optimization, efficient error rectification, and enhances user experience. If a potential vulnerability is identified, proactive measures can be taken before any malicious exploit occurs, reinforcing user confidence.

Moreover, the prerogative to upgrade isn't exclusive to developers. Through mechanisms like a DAO (Decentralized Autonomous Organization), the broader community can suggest, endorse, and even implement modifications.

For those who might be apprehensive about fully integrating with a DAO, yet value both upgradeability and user trust, a prudent approach would be to delineate a roadmap. This can specify conditions under which the upgrade feature might be limited or introduce a version sans this capability.

Conclusions

After reading about the challenges of censorship, anonymity, and other blockchain nuances, one might assume it's a bad idea to create an app. But don't get it twisted! The goal of this article isn't to discourage you from developing decentralized applications. Rather, we're rooting for more quality blockchain products. We're here to spill the beans on web3 — both its pitfalls and perks — to help you navigate and make informed decisions for your project.
