Primer on Decentralized Apps

What are Dapps? 

To the user, dapps look and function like typical websites or smartphone applications. They often enable popular web3 use cases such as decentralized finance (DeFi), NFTs, and gaming. But on the back end, they rely on blockchain, smart contracts, tokens, and digital wallets. Dapps were first explored in a 2014 paper, The General Theory of Decentralized Applications, which proposed that dapps be defined by four key principles:  

• Open-source software and community ownership and governance; 

• Data storage on a public, decentralized blockchain;  

• The use of tokens to reward contributions; and 

• Distribution of the dapp’s assets as rewards on the network. 

Dapps today vary in the extent to which they embrace these principles. For example, many DeFi apps employ community ownership and token distribution, while other dapps run on open-source software but do not have a dapp-native token. And many dapps are run by a core group of developers and investors, at least during the initial phases, with the goal of decentralizing over time.

Dapps primarily operate on the blockchain, a database of transactions that are distributed and secured across a network of many computers, or nodes. Most blockchains are permissionless, append-only ledgers, meaning data can only be added, never altered or removed. Some blockchains, like Ethereum, also function as a type of distributed computer on which developers can build and deploy dapps. These dapps use the blockchain to store data, run software, and process transfers of cryptocurrency. While the first dapps were published on Ethereum in 2016, many other blockchains support dapps today, including Avalanche, Tron, and Solana.  

“Smart contracts”—software programs that execute automatically when certain conditions are met—are the mechanism by which dapps are deployed and operate on blockchains. This software operates without any third party oversight or intervention, and the code is typically open-source and available for anyone to view and audit. In fact, the code of many dapps has been audited by third party security firms to verify that it is free of bugs and malicious code. Smart contracts ensure that dapps are “inherently composable,” meaning that developers can reuse open source code from existing dapps in new projects. This web3 “superpower” greatly accelerates innovation by increasing efficiency and reducing concerns about frivolous intellectual property litigation. 

As noted above, some dapps initially function like typical “web2” companies in that developers and other employees are paid to build and promote the dapp. Other dapps have realized the goal of decentralizing by allocating ownership to users via distributed tokens. In that case, each dapp can produce its own, native token; for example, the DeFi dapp Compound issues COMP, which can be traded on the Ethereum blockchain. Tokens provide a means of governing dapps, allowing token holders to vote on proposed changes to the dapp protocol. Finally, tokens can be distributed to dapp users and developers as rewards for achievements and contributions. 

To access dapps, users must download a web3 browser extension or digital wallet app. While most dapps, such as OpenSea or Compound, appear as typical websites on conventional web browsers, they will prompt users to connect a web3 wallet to make purchases, deposit crypto, or vote using their governance tokens. 

Benefits and Limitations of Dapps 

Like any decentralized, web3 technology, dapps provide users with increased privacy and autonomy. But dapp adoption has been relatively slow, in part due to barriers to entry and a lack of regulatory clarity.  

Benefits of Dapps

Built-in Verifiability and Trust. Most dapps run on smart contracts that are public and open-source. This means that anyone is free to audit the underlying code, which offers complete disclosure of the dapp’s functionality. Once a smart contract is deployed, the terms are typically immutable. Moreover, all transactions on the blockchain are recorded and trackable in real time, allowing parties to verify that the terms of the agreement were met. Instead of the famous Google motto, “don't be evil,” smart contracts “can't be evil,” allowing users to place their trust in “the laws of math instead of human beings.” 

For example, a smart contract for an NFT marketplace might specify terms for:

• The creation, ownership, and transfer of NFTs; 

• Royalty amounts; 

• Protocol fees; 

• Terms of auctions, including bidding rules and timeframes; and 

• The governance model, including how proposals can be submitted and decisions are made. 

Similarly, a smart contract for a DeFi lending and borrowing dapp might state the duration of loans and when they must be repaid; interest rates; minimum collateral ratios; liquidation rules; specific terms for short-term “flash loans,” and governance provisions.  

These immutable agreements and transparent disclosures are completely distinct from the often undisclosed terms and hidden fees common in TradFi entities like credit card companies. While consumer protection laws have attempted to protect against deceptive business practices that centralized actors sometimes engage in, open-source software code can make this deception much more difficult. 

User Privacy. Traditional apps raise concerns about the information they track and collect, including location data, health history, and personal photos and contacts. Dapps have the potential to better protect user privacy because many don’t require any personal information —like a username, password, or email address—to register. Users simply connect their wallet to the dapp. Further, users can disconnect from a dapp at any time, there is no “account” to cancel. 

For example, decentralized exchanges, or “DEXs,” let users trade crypto directly peer to peer, without relinquishing control of their funds to an exchange. Uniswap, the leading DEX on the market with over $1.2 trillion in trading volume since its inception, does not collect or store any personally identifiable information like user name, home address, email, IP address, or date of birth. Dapp browsers further help to better protect sensitive user data: these browsers often include privacy features such as firewalls and anonymized surfing, which can help to block data gathering and phishing. The Brave Browser, for example, natively prohibits trackers and advertising, but lets users earn “Basic Attention Tokens (BAT)” as rewards if they choose to watch ads. And new health platforms like aigia health use pseudonymization and encryption to collect, store, and transfer patient data, while ensuring patient control over their own information by granting granular data-sharing permissions.  

Permissionless and censorship-resistant. Traditional apps are vulnerable to corporate and government control. Centralized entities can block users’ access to the app by deplatforming certain accounts, or even redirecting users to other sites more favorable to the  government. For example, countries like China, Iran, and others maintain “blacklists of blocked domains” that citizens cannot access, and U.S. tech companies’ recent wave of deplatforming has raised calls for more open platforms. 

In contrast, decentralized networks can be accessed without anyone’s permission, and parties can interact and transact directly peer to peer. Decentralized social networks, for example, offer an alternative to traditional apps like Facebook that heavily moderate content and deplatform nonconforming users. “DeSoc” dapps let users themselves collectively determine content rules. Some DeSoc protocols support numerous communities, each with their own content guidelines. And users can easily port their identities, posts, followers, and photos to different sites, or ensure that their posts are never deleted.  

Decentralized storage networks are another censorship-resistant web3 tool. They allow users to store data on a decentralized network of nodes, which guarantees that no central authority can block or censor inputs. Data and applications stored on these structures are tamper-proof and will be accessible indefinitely. For example, users can ensure permanent storage of their data on the Arweave blockchain by purchasing storage space using the AR token. In 2022, the censorship-resistance platform was reportedly used to archive millions of documents related to the war in Ukraine, ensuring that the “records of history cannot be altered after they happen.”

Further, because dapps run on public, permissionless blockchains, they are not subject to gatekeeping by conventional app stores. Big tech companies often impose onerous and opaque review procedures before listing apps, and restrict the ways in which they can function. As the U.S. Commerce Department and others have recognized, this gatekeeping function limits user choice and leaves innovators with “very limited avenues for reaching consumers.”  

Community Rewards and Governance. Dapps embrace the web3 vision of user ownership. Unlike traditional corporations that delegate decision making to board members or partners, dapps are owned and governed collectively by their members, often in the form of decentralized autonomous organizations (DAOs). By selling native tokens and issuing them as rewards, DAOs allow members to pool resources toward a common goal and share in the value they create. Tokenholders can participate in online discussions regarding dapp governance and vote on proposals for changes to the dapp protocol, funding, fees, branding, and more. 

For example, Flamingo acts as an NFT “incubator” that lets users purchase tokens to support digital arts and create digital museums and galleries in the metaverse. Flamingo also issues the governance token “FLM” to community members based on their participation, which allows them to vote on purchase decisions and the structure of the dapp. Similarly, DeSoc dapps use tokens to facilitate user ownership and control. One dapp, Steemit, rewards users who create and vote on content: if a post receives enough votes, both the creator and curators are rewarded with Steem tokens. As they accumulate tokens, users gain influence over the ways in which rewards are distributed. In turn, rewards function as a built-in moderation system by incentivizing users to post and support quality content.  

Gaming dapps also shift ownership from game developers to players, offering players ways to monetize in-game assets and participate in dapp governance. Games like CryptoKitties, Axie Infinity, and Bomb Crypto feature in-game characters and virtual real estate that have been tokenized as NFTs and can be transferred to other games or traded on NFT marketplaces. And Yield Guild Games is a decentralized network of gaming guilds that acquires game assets for community members and issues its own governance token, YGG. Tokenholders can then vote on decisions related to rewards distribution and business development. 

Constant Innovation. Most dapps are built using open-source code, which means that developers can access, modify, and build on top of existing code without restriction. This encourages collaboration and allows developers to build on top of each other's work, accelerating innovation. Developers can also improve existing dapps by adding features or fixing bugs. In fact, a recent report by Andreessen Horowitz (a16z) found that almost 30,000 developers contribute to public crypto repositories each month. This approach is in stark contrast to traditional apps, which initially welcomed third party developers, but now strictly limit their access.

For example, Aave is a decentralized lending and borrowing platform that runs on the Ethereum blockchain and lets users borrow assets from the protocol and earn interest on their crypto deposits. The open architecture of Aave makes it easy for developers to build innovative dapps on its platform. One dapp, DeFi Saver, lets users manage their Aave positions more efficiently. It provides tools like automated liquidation protection, interest rate swapping, and leveraged positions to help users maximize their returns and minimize their risks. Aavegotchi, a gaming dapp, lets users collect, trade, and battle virtual creatures called Aavegotchis. Users can earn Aave interest on their Aavegotchi's collateral and use it to purchase in-game items.

Another example of this constant innovation is Farcaster, a decentralized social network that supports other dapps and builders. Farcaster has given rise to many dapps within its ecosystem, including: 

• Friendcaster - a visualization tool that generates images showing users their most frequent social interactions;

• Eventcaster - a social events platform that lets users create, search, and join events from within their Farcaster feed; and 

• Pollcaster - which makes it easy to create and conduct polls. 

Limitations of Dapps 

Dapps are still in the early stages of development and face challenges related to scaling, ensuring security, and achieving true decentralization.  

Costs and Delays. Dapps face significant start-up costs: they need points of connection to the blockchain, or “nodes,” that require technical expertise and equipment. They also need to build a “minimum viable community” of users that will in turn govern the dapp. Further, transactions on dapps can sometimes be slow and costly when compared to typical apps, which limits their ability to scale. Ethereum has historically required high transaction, or “gas,” fees. Finally, any fixes and updates to dapps can also be slow to implement because changes to a dapp’s code require a majority consensus from the community.  

Developers are working on several solutions to these issues, including side chains and zero knowledge proofs that can greatly speed up transactions. Ethereum’s move to proof of stake validation may also bring improvement. Moreover, dapp communities are experimenting with delegated governance and other forms of organizing that can facilitate faster decision making while preserving the ethos of decentralization. 

Security. Some dapps are vulnerable to scams and hacks. In particular, dapps that are poorly designed and not independently audited may contain defects that hackers can exploit. “Malicious” dapps are intentionally compromised to steal user funds, and phishing scams may impersonate legitimate apps (for example, through slight variations in a URL) to steal crypto from unsuspecting users. Despite the transparency of smart contracts, many users lack the time and expertise to examine their terms. In particular, the “bridges” that connect dapps from different blockchains are especially vulnerable to attacks, whether from hacks or bugs in the code. 

To make dapps more secure, developers are crafting “smarter smart contracts” by following evolving best practices for coding and building software that identifies vulnerabilities in smart contract code. Further, the industry is giving rise to blockchain security firms that guard against hacks, and to decentralized insurance protocols that can compensate users who lose funds to theft.  

Limitations on Privacy and Decentralization. Some commenters argue that dapps fall short of their promise to protect user privacy. The Ethereum blockchain, for example, has been criticized for complying in part with federal sanctions laws by rejecting transactions that contained sanctioned addresses. Similarly, Uniswap announced in late 2022 that it collects publicly-available blockchain data, such as users’ browser information and operating systems, and information on interactions between users and Uniswap’s service providers.  

Many dapps are also not fully decentralized, but are developed and governed by small internal teams or major investors. A recent Coinbase Institute analysis concluded that many DAOs, the organizations that often fund and manage dapps, “are for the most part effectively controlled by large token holders, or core developers, or influential individuals in the organization.” Tokenholder participation in voting is notoriously low: the same analysis found that the average participation in a governance proposal is only 6.5%, and that almost half of DAOs have an average voting turnout of less than 2%. 

To solve this issue, some dapps have committed to a process of “progressive decentralization” to broaden participation in voting and dapp governance by community members. Innovations include the creation of councils to ensure that community members can learn about proposals from experts and specialists, and the use of “quadratic voting,” which incentivizes participation by allowing members to accrue and then “burn” voting power over time. Further, developers are innovating new types of voting platforms that promise to make voting for on-chain proposals even easier and faster.  

Policy Considerations and Future Research 

Dapps inevitably raise questions for U.S. policymakers: for example, whether some tokens constitute securities; the relevance of consumer disclosure requirements; the applicability of AML/KYC and sanctions-related requirements, and the tax implications of DeFi and NFT transactions. Regulators have recognized the benefits of dapps, noting that DeFi “has produced impressive alternative methods of composing, recording, and processing transactions,” but have also raised concerns about illegal activity and consumer protection.  

The lack of regulatory clarity surrounding dapps has increased operating costs in the U.S. and hampered institutional adoption. One key issue, noted above in relation to the Ethereum blockchain, is whether actors who simply validate and process blockchain transactions at crypto’s “base layer” should be required to censor blocks that contain sanctioned addresses. The argument for “base layer neutrality” recognizes that the blockchain’s base layer actors are comparable to providers of the Simple Mail Transfer Protocol (SMTP) that underlies and enables the transfer of email. Just as SMTP providers are not required to monitor email for illegal activity, a similar neutrality should govern base layer actors, who primarily perform clerical and reporting functions. To require otherwise would threaten blockchains’ essential consensus mechanisms and risk pushing more innovation off-shore, reducing U.S. visibility into blockchain validation and threatening U.S. leadership in emerging crypto technologies. 

Ultimately, any policy discussion about dapps must first and foremost preserve their innovative potential. In an on-chain world, transparency and trust are built into the products themselves, and these protections will only grow as the technology develops. Crypto can improve on traditional systems by encoding trust on-chain in a cryptographically provable way. Therefore, regulators focusing on crypto should limit their reach to centralized actors, where additional transparency and disclosure are needed. 

Specifically, regulators could embrace innovation and protect consumers by developing a comprehensive regulatory regime for crypto assets generally. Much-needed rules would clarify the issues discussed above with regard to securities law, disclosure requirements, and the tax treatment of various crypto assets. Congress could further support innovation around dapps by passing legislation that recognizes and protects their decentralized structure.

Dapps are moving on from the experimental phase, and are testing the possibilities of decentralized networks. To succeed, they must demonstrate to a large contingent of users that they provide tangible utility to their users. In the near term, dapps seem poised to add value not by mimicking traditional apps, but by interacting with them to provide new capabilities that “redesign existing Web2 apps as they function now.”  Longer term, their potential is likely more transformative. More research is warranted into how dapps can integrate with, or in some cases, serve as a substitute for, web2, and what hurdles must be removed for that progress to become a reality.  

Note: The views and opinions expressed herein are those of the authors and do not necessarily reflect the views of Coinbase or its employees and summarizes information and articles with respect to cryptocurrencies or related topics that the author believes may be of interest. This material is for informational purposes only, and is not (i) an offer, or solicitation of an offer, to invest in, or to buy or sell, any interests or shares, or to participate in any investment or trading strategy, (ii) intended to provide accounting, legal, or tax advice, or investment recommendations or (iii) an official statement of Coinbase. No representation or warranty is made, expressed or implied, with respect to the accuracy or completeness of the information or to the future performance of any digital asset, financial instrument or other market or economic measure. The information is believed to be current as of the date indicated on the materials. Recipients should consult their advisors before making any investment decision.