This article introduces the concept of Blockchain Software Transparency. You can trust a transparent DeFi product because it shows the right information publicly to build trust. Transparency is good for developers and users both. Transparent systems are not guaranteed to be free from exploits, but they allow anyone to review them in real time and search for potential problems.
What is the right Information?
This involves the smart contract addresses, documentation on the software, testing done and audits that took place. These are the elements of transparency and are discussed in more detail below.
Why does this build trust?
This builds trust in two ways; first it shows the developer followed best practices and took the efforts required to mitigate risks.
Second, with this information any capable blockchain expert should be able to validate that the software is doing what is expected. This means any user at any time (with a solidity developer ) can verify the design and overall activity of any defi product and ensure it is working as advertised. This builds trust.
The DeFiSafety score indicates transparency.
Transparency is good for developers. It shows them exactly what to show publicly to build trust with users.
Transparency is good for users. It allows users to verify exactly how their money is being invested, whenever they want. Through ratings such as DeFi Safety’s, users can see quickly see how transparent a product is.
Transparency does not guarantee freedom from exploits, but is a strong indicator of how serious a product team is in their software design process, quality assurance, and followers of best practices. Lack of care is the #1 reason projects fail.
Why are the four elements of transparency important?
Smart Contract Addresses: This is a list of all the smart contract addresses that manage the money of the users. Everything in the Ethereum is public, but without the addresses it is difficult to find out exactly what is happening. Some addresses are regularly updated (such as AMN strategies). These addresses must be kept up-to-date and public.
Software Documentation: This is documentation on a contract and function by function basis describing the inputs outputs and processes of the DeFi product. This information is critical for a third-party developer to trace the operations within the product.
Testing: Testing proves the developer took the time to test their code before deployment. There are different ways to test software; system, unit, formal verification, controlled experiments and active test networks. Preferably many are used. Testing gives examples of the operation of the smart contracts, which are useful for external developers.
Audits: Audits by 3rd party experts are an established method of smart contract quality and established best practice. However, it is important to remember that audits are commissioned by the developers. They choose the auditor, the scope and duration of the audit. For this reason, a DeFiSafety expert reads the audit to determine its real value on based on the auditor’s reputation, the report findings, how the team responded to the report (fixing issues, etc.), and what changes have occured since the report was released.
Going forward, DeFi Safety will discuss transparency above and beyond process quality and best practices. From a review perspective it is the same process with the same score but we feel the transparency focus aligns incentives more effectively.