Authors: Carlos Trigo Seguin, Software Engineer; Wietze Slagman, Lead Engineer; and Haischel Dabian, Co-Founder of Kryha.
Web3 and the rise of digital assets
The idea of sharing information across a network of computers dates back to the mid-’70s. This concept turned out to be quite the innovation. Within a few decades, the internet found its way into many aspects of our everyday life, providing a practical framework for large-scale interaction, providing access to information, and often making life a little easier.
We are now building Web3, a more decentralized, economic generation of the world wide web. One of the most notable features of this new iteration of the web is the idea of digital assets: a digital representation of value as perceived in the real world (such as money or property). This is possible through advances in decentralized technology and creates new opportunities for digital markets.
As society moves towards large-scale digital markets, more value will be held in digital systems, increasing the demand for security and transparency. Simply put, people are especially untrusting when handling assets, and for good reason.
Web3 addresses this trust issue with battle-tested decentralized systems that guarantee data can’t be tampered with. After all, if someone can go in and move all your money around without your consent, it’s not a very trustworthy system. Fortunately, the cryptography and consensus mechanisms behind modern blockchain technology have proven effective.
Shortcomings of smart contract security
At this point you may be thinking “wait, what about these crypto hacks I keep hearing about?”. And you’ve got a point. The dubious reputation of the industry, polluted by the occasional Ponzi schemes, is not beneficial for this trust system either. This brings us to a fundamental problem in decentralized digital markets; just because the infrastructure is secure, that doesn’t mean developers building apps on it can’t write vulnerable or malicious code. Code is written by humans; humans make mistakes and not everyone has good intentions.
Attempts are made to mitigate these shortcomings by increasing the time spent testing and reviewing the security of applications, but as solutions grow in complexity and scale this process becomes inefficient and costly.
Due to this, participants in a decentralized digital market will be mutually suspicious. There is one way in which they can be sure an agreement is legitimate: checking the source code. Smart contracts can be inspected by network participants and contain all the business logic of the application. However, the benefits of this kind of transparency apply to a very small part of the potential participants and aren’t as effective for complex applications.
Agoric and Offer-safety: Improving trust in decentralized systems
Agoric is a layer 1 blockchain solution that employs a simple and effective way to alleviate the lack of trust among mutually suspicious actors through a feature called offer-safety. Rather than giving developers complete control over how assets are handled by smart contracts, offer-safety provides users a standard way to express and enforce conditions when interacting with smart contracts. At Kryha, we work with modern and innovative protocols in the Web3 space and have spent the last few months building a marketplace decentralized app, or dapp, on Agoric utilizing this feature.
Imagine you are building an NFT auction dapp on Ethereum; you would write a contract to let users send NFTs, list them “for auction,” accept incoming bids, and provide a mechanism for closing the auction and transferring the assets accordingly.
Now consider the trust required as a user of this dapp. Users must trust that whoever wrote the smart contract had good intentions and went through the trouble of securing the application by fixing critical bugs and vulnerabilities. If they have the time and knowledge, users may inspect the code before interacting with the contract, but this becomes infeasible with larger or undocumented codebases.
We often rely on reputation systems to mitigate this lack of trust. As people use software solutions, they share their experiences, and trust is built over time. While this can be effective, users will still have to fall prey to malicious or buggy applications before they earn enough of a bad reputation to deter others.
Let’s consider the same auction contract, this time using Agoric’s concept of offer-safety. As a developer, your tasks remain the same: writing contract logic for selling, bidding, and closing auctions. For the user, however, things look a little different. Instead of handing over their assets and hoping the application does what they expect it to do, they can let the contract know they are willing to give the NFT only if they receive a certain number of tokens in return, or give a number of tokens only if they receive the NFT in return. Agoric will then enforce these conditions, disregarding any proposed changes that would violate them. As a result, users need not rely on understanding contract code in order to be certain about how their assets will be handled by a smart contract.
Imagine you made a mistake when programming the auction smart contract, causing NFTs being sold to return to the seller along with the winning bid when the auction is closed. In traditional blockchain solutions, parties involved indicate the assets they are willing to give, but the assets to be received are still completely dependent on the correctness of the smart contract code, which, in this example, leaves the auction winner empty-handed.
Naturally, the same bug could be written in an Agoric smart contract. However, unlike other blockchains, users can leverage offer-safety to express the expected return when entering the agreement. For example, the seller may require at least 200 IST for their Kryha NFT, and the buyer may explicitly state they want the Kryha NFT with id 30943 for their IST.
SellerOffer = {
give: {
brand: 'Kryha NFT',
value: { id: 30943 }
},
want: {
brand: 'IST',
value: 200,
},
};
BuyerOffer = {
give: {
brand: 'IST',
value: 352,
},
want: {
brand: 'Kryha NFT',
value: { id: 30943 },
},
};
Now when the buggy contract attempts to reallocate the money and NFT to the seller, offer-safety will notice the buyer’s want condition isn’t met and throw an error, preventing the wrong payout from being executed. This means users are guaranteed they won’t leave empty-handed, regardless of bugs or unexpected logic.
Supporting the pathway to a user-centric Web3 experience
Another, perhaps more subtle, benefit of this mechanism lies in how declarative it makes contract calls. Enabling users to express what they expect to give and receive can reduce confusion in complex smart contract logic, helping users understand what’s going on, and leading to a better user experience.
As developers, we are happy to see protocols like Agoric challenge the way we think about application development. Large-scale decentralized digital markets are becoming a reality, and having the right tools to build them will play a big role in their success.
That is why we at Kryha decided to build our marketplace on Agoric. To give the power to the users in how their digital assets are handled in any form of exchange. Giving them more assurance that their wishes are always met, whether a deal succeeds or not. Pushing further our narrative of building user-centric Web3 applications and experiences.
Most blockchain solutions allow actors to implicitly specify the assets they send to smart contracts by signing transactions. This helps users understand the risk involved in smart contract agreements, but falls short of expressing (much less guaranteeing) the potential return. Agoric provides a more expressive and safe way to participate in digital agreements involving assets, which results in immediate benefits for both users and developers. If you’re interested in learning more about the Agoric platform or joining the community, visit agoric.com/community. And if you want to stay up to date with what we’re building with Agoric technology, follow Kryha on Twitter.