It has been brought to my attention that EOS Smart Contracts are not immutable, but does this mean they are not decentralized?
And do they need to be?
I think it’s safe to say in some aspects they are decentralized (in that they run in many places, many producers), but they aren’t immutable.Jesta – Greymass
So we must keep in mind there is a difference between decentralisation and immutability and whether we are talking about the blockchain or the smart contracts.
The EOS blockchain for example is extremely decentralized. In my opinion, it is actually more decentralized than both Bitcoin and Ethereum. For example, Bitcoin is split into 4 mining pools so the control of the chain lies in the hands of 4 very powerful entities. Ethereum…… well who really makes the decisions on Ethereum? EOS, on the other hand, has 21 active block producers backed up by 71 paid standbys. The top 21 active BPs who produce the blocks can be voted in and out every 60 seconds. So rest assured the EOS blockchain is in great hands and very much “decentralized”. This article focuses on the EOS Smart Contracts on which dApps (decentralized applications) run.
What’s the problem with EOS Smart Contracts?
There is no real problem with them as mutability can be desired or not depending on the circumstance. The private key or keys of an EOS smart contract are in the hands of the developer of the contract. So the worry is if the dApp happened to be storing the EOS funds of users in the smart contract the developer then becomes a potential centralized point of failure. Depending on the type of dApp we are talking about this is either extremely important or not at all. Basically if the dApps smart contract is holding large amounts of users funds it should probably have a lesser level of mutability.
Do we want 100% immutable contracts?
Mutability and immutable need to be seen as a spectrum that exists within the development cycle.EOS New York
Now the idea of an immutable contract might sound good, but as history has shown in the case of the DAO hack were $70,000,000 USD worth ETH was stolen from Ethereum token holders as there was no way to gain access to the smart contract to fix the bug which caused the vulnerability, immutability is not always such a great idea.
Having immutable contracts can also be a nightmare for developers as they must make sure there’s zero bugs in the code before launching their dApp. Keep in mind that no dApp developer can ever create “the perfect code”.
So if we don’t want immutable code what do we want?
OPTIONS… I think it depends on what the dApp’s use case is, how paramount security is for them, and whether they want the flexibility to change the smart contract with ease. Ideally, I think there should be an option for dApp developers to put their smart contract keys in the hands of the Top 21 block producers if they so desire, as EOS New York has proposed here – https://medium.com/eos-new-york/addressing-eos-token-smart-contracts-and-a-proposal-for-core-development-funding-on-eos
We need options and transparency, let the free market decide.
What we could have is a choice of…
- A totally 100% immutable contract that can not be changed under any circumstances. The keys would be nulled.
- A contract in the hands of 15 of the top 21 block producers.
- A contract in the hands of dApp developers which is mutable.
This would give dApp developers the option to choose how mutable they would like their smart contracts to be while also giving users the option to choose how much trust they are willing to put into the hands of any particular dApp developer.
Colin Talks Crypto suggested the idea of having a website from which a user can check to see what level of immutability a particular dApp has by using a light system of Green, Orange, and Red to reflect the different levels of mutability.
I think this is a good idea but my only concern with this system is the red light puts up a red flag for users when really the fact that the smart contract is mutable isn’t the end of the world and we shouldn’t be putting pressure on ALL dApp developers to place their keys in the hands of BPs. A certificate system where you either have one or don’t and can obtain different levels of security/mutability like EOS New York suggested back in December would be a better option in my opinion.
In the end, I think the users/the free market will determine how mutable various dApps need to become. Standards will be made and expectations will be met; the EOSIO software is perfectly designed to work on all levels of mutability.
I’ll leave you with some final tweets from Dan on the topic and feel free to leave your opinion in the comments!
Disclaimer. EOSwriter does not endorse any content or product on this page. While we aim at providing you with all the important information we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor this article can be considered as investment advice.