The Wallet Paradox—A Roadblock in the Development of DAPP

Since the advent of BTC, more and more people have begun to use “wallets”. A blockchain wallet is essentially a private key management tool. In the original model, the developer builds the wallet and publishes it on the Internet without further updates, and once a user has downloaded it, the user has no further dealings with the developer. The developer knows neither the private key nor any other wallet information. Since the emergence of ETH, however, complex logic has been allowed on the chain, and DAPPs have come into view. These involve more complicated interaction than a simple transfer. The wallet is no longer a tool that goes un-updated once developed; it gradually becomes a DAPP platform, and the interaction between users and developers has suddenly increased.

However, there is a legal issue that needs to be discussed, and it is a bit like a paradox. We will also give a plan for dealing with this moral dilemma.

Let us first describe the simplest case: if a wallet completely abandons interaction and is completely open source, then logically the developer can declare that he is not responsible for any risks of the wallet; in fact, the developer cannot be held responsible. For example, suppose a bug in the wallet causes assets that should have been transferred to address A to be transferred to address B, which may be a disaster for many people. But there is also the situation where anyone can use this bug to create a false “loss” (that is, address B is also his own address) and submit evidence of the bug to claim compensation from the developer. This is the problem of how to identify a “loss”.

In the traditional centralized structure, this loss can be retrieved on the back-end server; on the blockchain, with its completely anonymous mechanism and uncontrolled “server” (the blockchain), the authenticity of the loss simply cannot be determined! This is a dilemma of who is to prove it. More seriously, if left unchecked, some developers may deliberately build free “phishing” wallets that transfer users’ funds to an unknown address in some obscure way. How would evidence be obtained and accountability established?

The above case is the simplest. Returning to reality, once there is frequent interaction between the wallet and the user, and there is a server, the problem is even more serious.

First, the server exists to provide information services, and there must be an entity behind it; otherwise, who pays the cost of the server? When this entity exists, is its association with the user a legal relationship? If so, what kind of legal relationship? Second, take a case similar to the simple example above, but more direct. Someone reverse engineers the wallet, makes the “same” wallet, and then “proves” that it caused a “loss” (for example, by shooting a video of the loss occurring). Can he claim compensation from the developer or from the entity providing the server? This is the first step. The question at this first step is whether the evidence is credible and who is to prove it. If the person claiming the loss is required to prove that it is indeed a bug of the wallet (not a bug of the “wallet” produced by reverse engineering), and that the loss is real (rather than a transfer from the left hand to the right), is this too demanding for an ordinary person who does not understand the technology? The second step is: if it really is a problem with the wallet, is this process fair to users? Or will it give rise to all kinds of unscrupulous “phishing” programs? If the entire process requires the developer and the server provider to prove themselves innocent, it already presumes that the developer should be responsible. The developer then cannot bound the scale of the loss, and a user can move funds from the left hand to the right. Who can afford this risk exposure?

The above is a paradox. Users need security, and developers cannot afford the “loss” caused by insecurity. There is a missing link.

In the traditional Internet world, this risk is borne by companies or project parties, because they can control the entire process of products or services. But in the blockchain, these so-called developers cannot fully control the entire process of providing interactions. The most important part is done on the chain. In fact, they only provide a “front-end tool”.

There are two future directions for solving this problem:

The first is that users entrust everything to the developer or project party, as with a centralized exchange: I hand my coins over to you and give up private key management, and the responsibility is entirely yours. This direction is a logical closed loop.

The second is that developers open-source all of their program code and define it clearly (proving that the code and the program are the same), upload it to a neutral third-party platform, and let the market evaluate it. Those who are willing to use it may use it. The agreement has nothing to do with the developer.

This second direction can also achieve a logical closed loop, but the loopholes in the code are absorbed by users in the market. The harder question is how to assign responsibility for the information service part of a DAPP that provides information services, that is, a product with a server. This requires the law to follow up, because this case is neither as serious as the first problem nor as completely unrelated as the second. It is the most complicated situation in the entire wallet problem. The boundary of responsibility for applications on the public chain needs to be identified, which involves a great deal of legal support and is a long process of infrastructure construction (though it may also turn out to be straightforward).
