“The greatest victory is that which requires no battle.” — Sun Tzu
TabooKey needed a trustless decentralized way of onboarding new users that don’t have ETH to pay for gas fees. To our frustration, we couldn’t find a solution that would give us both security and usability. Finally, by looking at the problem from a fresh angle, we had a eureka moment that allowed us to come up with a simpler, more decentralized and robust approach that provides a general purpose toll free interface for smart contracts. We’re sharing this so everyone who wants to create dapps with great user experiences can benefit!
The dapp onboarding paradox
Dapps gain value through network effect. The first users get little value, but value increases as more users join. However, users need to jump through hoops — go to an exchange, pass a KYC process and wait for approval, transfer money from their bank, buy ETH, install MetaMask, learn how to use it and transfer ETH to it, etc. All that, just to start using a dapp that offers little value at that point. Result: users are not coming and dapps are not taking off. Even Facebook offered little value to its first users, but at least it was easy to join and see if it catches on.
And there’s another paradox within that paradox. Interacting with a Decentralized App requires purchasing ETH at a Centralized exchange with a KYC process, which excludes the unbanked population. It goes against the spirit of blockchain and decentralization.
But wait, don’t existing meta-tx frameworks or proposals solve the problem?
What are meta transactions?
The idea of meta transactions isn’t new: Signing a transaction with a key that doesn’t own ETH, and then wrapping it with another transaction signed by a key that does own ETH, to pay for the gas. The recipient contract “peels” the outer transaction and uses the inner one.
There are currently two types of meta-tx solutions:
Some dapps deploy a single, or a small number of relayers to mediate access to their contracts. Here lies another paradox, requiring a centralized relay (or a small number of relays) to use a decentralized app. Attack or malfunction of this relayer could result in censoring some or all transactions to the dapp. The relayer is a single point of failure. Corollary: a dapp is as decentralized as its most centralized component.
An idea that keeps coming up is a decentralized network of relayers watching a secondary transactions-pool and acting as secondary miners. They all suffer from a synchronization problem: A relayer can only relay one transaction at a time, so each relayer picks the (same) most profitable transaction and relays it. Only one of them will succeed, and all others will get reverted and lose money, while the less profitable transactions are never “mined”. Attempts to solve this Thundering Herd problem involve using consensus protocols such as Proof of Work. As a result, etherless transactions need to be mined twice, and take much longer than normal transactions. Furthermore, the cost of running each relay increases, which in turn increases the transaction fees.
Another problem with the secondary transactions-pool approach is access from restricted/proxied networks (e.g. enterprise or government), or from mobile devices with limited background processing. P2P protocols are often blocked in such scenarios, and apps have to fall back to http.
Can we solve these problems without becoming centralized?
What if we could achieve decentralization without having to solve the Thundering Herd problem at all, while using only http? As Sun Tzu teaches us, the greatest victory is that which requires no battle.
Key insights that led to the solution:
- It’ll be easier to bootstrap dapp network effect if we subsidized interaction with the contract. Could dapps have a toll-free 800 number?
- The person who signs the transaction doesn’t have to be the person paying for the gas. The dapp just needs a way to know who the real sender is.
- To stay decentralized, all components have to be incentivized.
- Transaction-pool based solutions lack synchronization. P2P solutions would require consensus, e.g. proof-of-work, which would make gasless transactions slower than regular transactions. Resorting to distributed consensus mechanisms comes from group-think we have in our blockchain community. It’s an overkill if we can achieve decentralization without it.
- Clients in restricted network environments cannot reliably communicate with P2P networks. In order to scale quickly, we must use commonly supported protocols.
- The sender is already motivated to get the transaction to the dapp, and is, therefore, most suitable to drive the process. How could we empower the sender to control the process?
- Instead of a public pool of transactions, we can use a public pool of relayers and let the sender select one.
- To put the sender in control, we need to give it a way to find a relay, negotiate its fee, verify its reliability, and send the transaction.
- Relayers are like miners. They may act selfishly and abuse the system if it would increase their profits. The solution will only be robust if it doesn’t require trusting them.
What is the Gas Stations Network?
Gas Stations Network is a decentralized and trustless way to add reverse-charge calls to smart contracts. The dapp takes care of paying for verified transactions, so users can start using the dapp immediately.
Depending on the business model of the dapp, it may charge the users through other means, such as credit cards, or it may sponsor the transactions while capturing value elsewhere.
What is the Gas Stations Network not?
It’s not an L2 solution. It just utilizes an L2 network to reliably deliver L1 etherless transactions.
It’s not a protocol modification and does not require a hard fork or even a soft fork. It is agnostic to L1 implementation and will continue to work unchanged as Ethereum evolves. Therefore, dapps can start using it immediately and the network will scale to accommodate it. There’s already a working GSN on the Ropsten test network.
How does it work?
The network consists of gas stations (relays), publishing their fees and URLs on the blockchain, accepting etherless transactions from users, filling them with gas by signing them, returning them to the user, relaying them to the blockchain and getting compensated for their effort. Gas stations and users don’t trust each other, which leads us to…
Anchor of Trust
A single open-source smart contract, RelayHub, acts as registrar for relays, mediates transactions between relays and dapp contracts, and emits events that help users find relays and assess their reputation. RelayHub holds small deposits from dapps and uses them to compensate relays for transactions accepted by dapps.
Relays are required to stake ETH in RelayHub when they register. The stake is used to prevent certain DoS or censorship attacks, described in the attacks section of EIP 1613. Honest relays earn transaction fees, and provably dishonest relays lose their stake.
The entire interaction between a user and a relay is a short-lived http session. At the end of this http transaction the user gets a performance bond that keeps the relay honest, so the user knows that the transaction has been relayed without having to wait for mining to occur. A failed request can be detected immediately, and the user proceeds to the next relay. The network is censorship resistant as long as there is at least one honest relay.
The user app
From the user’s perspective, the app (web or mobile) transparently selects a relay and delivers the transaction to the blockchain. Behind the scenes, the app selects a relay using on-chain information about transaction fees and ongoing reputation, attempts to send the transaction through the selected relay, knows immediately whether the request was handled, or retries with the next relay. The immediate validation process enables fast iteration, so malfunctioning or malicious relays cannot cause long delays, and the transaction gets delivered in a timely manner.
The full technical details, attacks and mitigations, are beyond the scope of this post, and are available in EIP 1613.
How can my dapp use it?
The Gas Stations Network lets the dapp accept reverse charge calls and pay for transactions’ gas, supporting etherless users. The particular funding model depends on the business model of the dapp. Let’s demonstrate it through a couple of examples:
- SalesChain, a paid dapp, may wish to onboard etherless users and charge them through credit cards. In this case, our user, Joe, will sign in to SalesChain and buy gas credit using any supported method, e.g. PayPal. SalesChain will use the received funds to purchase ETH and deposit it in RelayHub to compensate relays. Joe will be allowed to make as many etherless transactions as he has credit for. Joe cannot exhaust SalesChain’s deposit since he’s limited to his own credit.
- CryptoUnicorns, a fun social game, may wish to pay for its users, not charge them for it, and monetize them through other means such as in-app advertising or selling unicorn accessories. In this case, Joe will sign in, using uPort or other commonly used identity methods such as his Google or Facebook account. CryptoUnicorns will grant Joe tokens and allow him to make a certain amount of daily etherless transactions. If Joe tries to exhaust CryptoUnicors’ deposit, he will eventually lock himself out of the game by exhausting his own quota instead.
- Joe works at Pineapple Unincorporated, a DAO that wishes to always pay for its known participants, funding the transactions from its revenues. In this case, Pineapple will accept requests only from Joe and his known peers, Alice and Bob, and not charge them in any way. If Joe abuses this trust and wastes Pineapple’s deposit for no good reason, Alice and Bob can vote him out, so he will no longer be able to send etherless transactions.
The Gas Stations Network doesn’t impose any restrictions on how the dapp chooses to manage its funding. It just solves the UX problem, allows onboarding users quickly, and gives dapps the tools to manage its own accounting.
I want to try it! What do I need to do?
The change required in the dapp contract is minimal. It just needs to become aware of RelayHub, in order to accept or reject transactions, get the real sender, and maintain a small deposit of ETH for compensating relays.
Changes to the app are also minimal, as web3 is hooked to find and use relays instead of sending regular transactions. The hook can use MetaMask if installed or generate and use ephemeral keys.
We took a Metacoin sample, modified it to support our relay network, and deployed it to the Ropsten network. It uses our deployed relays to access the Ropsten RelayHub. You can also take a look at some samples in the GSN repository,
In our next posts we’ll focus on the technical aspects of making an existing dapp use the Gas Stations Network.
Gas Stations Network solves one of Ethereum’s biggest UX challenges — onboarding users quickly and effortlessly, helping dapps scale quickly. It does so in a trustless and decentralized way, and without requiring any changes to how Ethereum works.
The network is intentionally designed to serve the community and not capture value. TabooKey decided to publish it as EIP 1613 and a free implementation. The only way to profit from the network is to run a gas station (a relay server) and compete in the free market, based on transaction fee and reliability metrics. Once we deploy it on mainnet, we will not be in control of the network. As the number of dapps using the network increases, we expect the network to scale up with more relays joining to make a profit.