Your Crypto Kitty isn’t forever — Why DApps aren’t as decentralized as you think

When newcomers to Ethereum ask why use a DApp over a traditional web service, our mantra has always been, “Decentralization, Decentralization, Decentralization”. A centralized web service could be censored by a government, but DApps are safe; A centralized web service could lose all of its data in a failure, but DApps are safe as long as Ethereum is alive; Centralized services are walled gardens by default, but DApps can have their tokens traded openly on exchanges.

But what people don’t say is that DApps have far more vulnerabilities and weak points than Ethereum itself, and just because a DApp runs on a decentralized BlockChain, doesn’t make it safe from the whims of its owner.

With the recent explosion of CryptoKitties, a lot of newcomers are coming into this space without a clear understanding of the nature of DApps, so I will use CryptoKitties as an example to illustrate some of the hidden and not so obvious problems with DApps in general.

A kitty ice age can happen with a single command from a single person

The ownership of kitties is all stored in a single contract deployed to MainNet — KittyOwnership. Thankfully, this contract doesn’t have the selfdestruct feature so the owner cannot directly kill it, but the owner could do something almost as destructive.

function pause() external onlyCLevel whenNotPaused {
paused = true;

The owner of this contract could pause it without agreement from any one else, and if they use the upgradeContract function as well, the current contract would be paused without ever being unfrozen. Every single crypto kitty in existence would be put in deep slumber forever.

A DApp is not a BlockChain — You can’t kill or seriously maim Ethereum with a single command, and even if one node decides to do something suicidal, all the other nodes will continue on without it. But just because Ethereum has these qualities doesn’t mean that the CryptoKitties contract that runs on Ethereum shares them. As far as Ethereum is concerned, there is only a single version of the KittyOwnership contract, and that contract is owned by a single wallet. It doesn’t get more centralized than this.

A crypto cat is not as rare as it seems

Genesis — The $115k USD cat

One of the core concepts of CryptoKitties is the fact that you can breed them with a chance of getting a rare and desirable cat. For example, one person actually spent 246 Ether at $115k USD to buy a Gen0 cat — Genesis. He probably assumed this cat is utterly unique, and his ownership of it is stored on Ethereum, immortalized for eternity, and provably so.

But the GeneScience contract that controls what comes out of crypto cat sex is is not only closed source (non-verified on Etherscan), but also replaceable by the CEO for any reason of his choosing.

function setGeneScienceAddress(address _address) external onlyCEO {
GeneScienceInterface candidateContract = GeneScienceInterface(_address);

This means that tomorrow, the CEO of CryptoKitties could switch out the cat breeding algorithm with another one that produced some more Genesis type cats, or change it in any number of ways that will affect the rarity of certain cats going forward. A person owning a 1/1 unique cat might suddenly find himself the owner of a 1/1000 common house cat.

While it’s likely that the owner of the Crypto Kitty contract will never do this to the users, that still doesn’t change the fact that there will always be a possibility that someone else will in the future. There is a difference in value between something that is truly unique, and something that is unique by social agreement.

A crypto cat can grow another tail tomorrow

Ethereum is expensive to run and to store things, so DApps reasonably contain the bare minimum of logic and data. The uniqueness of a crypto cat is expressed as a single unsigned integer:

uint256 genes

The code that reads this meaningless integer and transforms it into a crypto cat with all its good/bad looks, colors, descriptions, etc, is all in a centralized server, closed source, under the control of a central authority.

Unlike a Blockchain, where the software is ran by every single node, and each upgrade requires a hard/soft fork. The CryptoKitties folks could, at any point, unilaterally chance the entirety of how a gene sequence is interpreted — add another tail, change the colour, switch out the description, make a cat into a doge, etc.

Just because someone owned the ERC721 token that contains a certain kitty and its genes, doesn’t mean this person owns the entirety of the data the generates the cat.

Your cat is just as immune to bad corporate decisions as Pikachu was when someone decided he could suddenly speak English:

But it doesn’t have to be this way…

I have to make it clear that the makers of CryptoKitties didn’t do this out of malice or ill intent. They made the best DApp possible with the very limited infrastructure that is available today, and they did a wonderful job of attracting new users to the community.

What’s really needed is a way to run full fledged apps, with the entirety of the code running in nodes, and its data not only decentralized but also own-able by anyone willing to run nodes themselves.

It’s only when we can achieve that that we truly have decentralized applications in the full meaning of the word.