Original article by: Vitalik Buterin
Original translation: MaryLiu, BitpushNews
Ten, five, or even two years ago, my view of what Ethereum and blockchain could do for the world was very abstract. I would say, “It’s a general purpose technology, like C++,” and sure, it had specific properties like decentralization, openness, and censorship resistance, but beyond that, it was too early to say which specific applications would make the most sense.
The world today is no longer that world. Enough time has passed that few ideas are completely unexplored: if something succeeds, it’s probably some version of something that’s already been discussed many times on blogs, forums, and conferences. We’re also closer to identifying the limitations of the industry. For example, many DAOs underperformed despite the inconvenience and expense of having a fair chance and enthusiastic audiences willing to participate, industrial supply chain applications are not widely adopted, and a decentralized Amazon on the blockchain is not here yet. But it’s also a world where we’re seeing real and growing adoption of some key applications that serve real needs of people — these are the ones we need to focus on.
As a result, my perspective has changed: my excitement about Ethereum is now based not on the potential of an undiscovered unknown, but on a few specific categories of applications that have proven themselves and are only going to get stronger. What are these applications, and which ones I’m no longer bullish on? That’s the subject of this post.
1. Money: The first and most important application
One of the experiences I remember very clearly when I first visited Argentina last December was wandering the streets on Christmas Day when almost all the shops were closed. We looked for a coffee shop and finally found one that was still open after searching for 5 shops. When we walked in, the owner recognized me and immediately showed me the ETH and other crypto assets on his Binance account. We ordered tea and snacks and asked if we could pay with ETH, the owner agreed and showed me the QR code of his Binance deposit address, and I paid about $20 in ETH from the Status wallet on my phone.
This is far from the most meaningful use of crypto that is happening in the country. Others use it to save money, transfer money internationally, pay for large important transactions, and more. But even so, the fact that I found a random coffee shop and it happened to accept crypto shows how widespread adoption is. Unlike developed countries like the United States, where financial transactions are easily conducted and 8% inflation is considered extreme, in Argentina and many other countries around the world, where connections to the global financial system are more limited, extreme inflation is a daily reality and crypto often steps in as a lifeline.
Besides Binance, there are more and more local exchanges and you can see their advertisements everywhere including airports.
One of the problems with my coffee transaction was that it had no real practical use. The fee was high, about a third of the transaction amount. The transaction took several minutes to confirm: I remember that Status did not yet support sending proper EIP-1559 transactions that are more reliable and confirm faster. If, like many other Argentinian crypto users, I only had a Binance wallet, the transfer would be free and instant.
However, a year later things have changed. As a result of the merge, transactions are included faster and the chain has become more stable, making it safer to accept transactions after fewer confirmation times. Scaling technologies such as Optimistic and ZK rollups are advancing rapidly. Social recovery and multi-signature wallets are becoming more practical. These trends will take years to play out as the technology develops, but progress is being made.
At the same time, there was one important “driving factor” driving interest in on-chain trading: the FTX crash, which reminded everyone, including Latin America, that even the most seemingly trustworthy centralized services may not be trustworthy at all.
Cryptocurrency in developed countries
In wealthy, developed countries, the more extreme use cases around surviving high inflation and conducting basic financial activities generally don’t apply. But cryptocurrencies still have significant value. As someone who uses it to donate money (to legal organizations in many countries), I can personally confirm that it is much more convenient than traditional banking. It’s also valuable for industries and activities that are at risk of being deplatformed by payment processors — a category that includes many industries that are perfectly legal under the laws of most countries.
There is also a more important broader philosophical case for cryptocurrencies as private money: many governments are using the transition to a “cashless society” as an opportunity to introduce levels of financial regulation that would have been unimaginable 100 years ago. Cryptocurrencies are the only thing currently being developed that can realistically combine the benefits of digitization with a cash-like respect for personal privacy.
But in either case, cryptocurrencies are far from perfect. Even if all technical, user experience, and account security issues are resolved, the volatility of cryptocurrencies remains a fact, and volatility can make it difficult to use for savings and business. For this reason, we have…
Stablecoins
The Ethereum community has long understood the value of stablecoins. To quote a blog post from 2014:
Over the past 11 months, Bitcoin holders have lost approximately 67% of their wealth, and prices have often risen or fallen by as much as 25% in a single week. Seeing this concern, there has been a growing interest in a simple question: Can we have the best of both worlds? Can we have the full decentralization that crypto payment networks offer, but at the same time have a higher level of price stability without this extreme volatility up and down?
In fact, stablecoins are very popular among users who actually use cryptocurrencies today. That said, there is a reality that does not align with today’s cypherpunk values: today’s most successful stablecoins are centralized, primarily USDC, USDT, and BUSD.
Top cryptocurrencies by market cap, data from CoinGecko, 2022-11-30. Three of the top six are centralized stablecoins
Stablecoins issued on-chain have many convenient properties: they are open for anyone to use, they are resistant to the largest and most opaque forms of censorship (issuers can blacklist and freeze addresses, but this blacklisting is transparent and there are actual transaction fee costs associated with freezing each address), and they interact well with on-chain infrastructure (accounts, DEXs, etc.). But it is unclear how long this will last, so research into other alternatives is needed.
I think the stablecoin market is basically divided into three different categories: centralized stablecoins, DAO-managed real-world asset-backed stablecoins, and crypto-backed stablecoins with minimal governance.
From a user’s perspective, all three types have to strike a balance between efficiency and resilience. USDC works today and will almost certainly work tomorrow. But its continued stability in the long run depends on the macroeconomic and political stability of the United States, a continued U.S. regulatory environment that supports making USDC available to everyone, and the credibility of the issuing organization.
RAI, on the other hand, takes on all of these risks, but it comes with a negative interest rate: -6.7% at the time of writing. In order for the system to be stable (and therefore not as prone to collapse as LUNA), every RAI holder must be matched with a negative RAI holder (aka a “borrower” or “CDP holder”) who posts ETH as collateral. This rate may increase as more people engage in arbitrage, holding negative RAI and balancing it with positive USDC or even interest-bearing bank account deposits, but RAI’s interest rate will always be lower than a functioning banking system, and with the potential for negative interest rates, the user experience issue will always remain.
The RAI model is perfectly ideal for the more pessimistic LUNA-punk world: it avoids all connections to the non-crypto financial system, making it harder to attack. Negative interest rates prevent it from being a convenient alternative to the dollar, but one way to adapt is to accept this disconnect: a minimally governed stablecoin could track some non-monetary asset, like a global average CPI index, and advertise itself as representing a summary of "best efforts to achieve price stability." This would also have lower inherent regulatory risk, as such an asset would not attempt to provide a "digital dollar" (or euro, etc.).
DAO-managed RWA-backed stablecoins, if they work well, could be a happy medium. Such stablecoins could combine enough robustness, censorship resistance, scale, and economic utility to satisfy a large number of real-world crypto users. However, making this work would require both real-world legal work to develop strong issuers and a lot of resilience-oriented DAO governance engineering.
In either case, any well-functioning stablecoin would benefit a wide range of currency and savings applications that already provide real help to millions of people today.
2. DeFi: Keep it simple
In my opinion, decentralized finance is a category that started out gloriously but limited, somehow turned into an overcapitalized monster that relied on unsustainable forms of yield, and is now in the early stages of stablecoins, improved security, and a renewed focus on a few particularly valuable applications. Decentralized stablecoins are, and likely always will be, the most important DeFi product, but there are a few others with important niches:
Prediction Markets: They have been a niche but stable mainstay of decentralized finance since Augur launched in 2015. Their adoption has been quietly growing since then. Prediction markets showed both their value and their limitations in the 2020 US election, and this year in 2022, both cryptocurrency prediction markets like Polymarket and virtual currency markets like Metaculus have become more widely used. Prediction markets are valuable as a cognitive tool, and there are real benefits to using cryptocurrency to make these markets more trustworthy and more accessible globally. Rather than a billion-dollar wave, I expect prediction markets to continue to grow steadily and become more useful over time.
Other synthetic assets: In principle, the formula behind stablecoins can be replicated for other real-world assets. Interesting potential stocks include major stock indices and real estate. The latter will take longer to get right due to the inherent heterogeneity and complexity of the space, but it could be valuable for exactly the same reasons. The main question is whether someone can create the right balance between decentralization and efficiency to give users access to these assets at a reasonable rate of return.
Glue layer for efficient transactions between other assets: If there are assets on the chain that people want to use, including ETH, centralized or decentralized stablecoins, higher-level synthetic assets, or anything else, the value in the layer will make it easy for users to trade between them. Some users may want to hold USDC and pay transaction fees in USDC. Others may hold some assets but want to be able to convert them immediately to pay someone who wants to pay in another asset. Another use case is that one asset can be used as collateral to obtain a loan in another asset, although these projects are most likely to succeed and avoid incurring losses if they keep leverage to very limited levels (e.g., no more than 2x).
3. Identity ecosystem: ENS, SIWE, PoH, POAPs, SBTs
“Identity” is a complex concept that means many things. Some examples include:
Basic Authentication: Simply prove that action A (e.g. sending a transaction or logging into a website) was authorized by an agent with some identifier (e.g. an ETH address or public key), without trying to say who or what that agent is.
Proof: Proof of another agent’s statement to the agent (“A proves that he knows B”, “The Canadian government proves that C is a citizen”)
Name: Build consensus that a specific agent can be referred to by a specific human-readable name.
Proof of personhood: Prove that the agent is a person, by ensuring that each person can only have one identity (this is usually done with proofs, so it's not a completely separate category, but it's a very important special case)
I have long been bullish on blockchain identity and bearish on blockchain identity platforms. The use cases mentioned above are important for many blockchain use cases, and blockchains are valuable for identity applications because of their institution-independent nature and the interoperability benefits they provide. However, trying to create a centralized platform to do all of these tasks from scratch will not work. What is more likely to work is an organic approach, with many projects tackling specific tasks that are individually valuable and adding more and more interoperability over time.
That’s exactly what’s happened since then. The Sign In With Ethereum (SIWE) standard allows users to log into (legacy) websites in much the same way you log into websites with your Google or Facebook account today. This is actually quite useful: it allows you to interact with websites without giving Google or Facebook access to your private information or taking over or locking you out of your account. Technologies like social recovery can give users account recovery options in case they forget their passwords, which is much better than what centralized companies offer today. SIWE is supported by many applications today, including Blockscan Chat, the end-to-end encrypted email and note-taking service Skiff, and various blockchain-based alternative social media projects.
NS lets users have usernames: I have vitalik.eth. Proof of Humanity and other proof of personhood systems let users prove they are unique people, which is useful in many applications including airdrops and governance. POAP (“Proof of Attendance Protocol”, pronounced “pope” or “poe-app” depending on whether you’re a brave contrarian or a sheep) is a general protocol for issuing tokens that represent proof: Did you complete an educational course? Did you attend an event? Did you meet a specific person? POAP can be used both as a component of a proof of identity protocol and as a way to try to determine if someone is a member of a particular community (valuable for governance or airdrops).
An NFC card that contains my ENS name and allows you to receive POAP to verify that you have seen me
Each of these applications can be used on its own. But what makes them really powerful is how they work together. When I log into Blockscan chat, I log in using Ethereum. This means that anyone I'm chatting with can immediately see my vitalik.eth (my ENS name). In the future, to combat spam, Blockscan chat will be able to "verify" accounts by looking at on-chain activity or POAPs. The lowest level will simply verify that the account has sent or been a recipient in at least one on-chain transaction (since this requires a fee). Higher levels of verification may involve checking balances of specific tokens, ownership of specific POAPs, identity proof profiles, or meta-aggregators like Gitcoin Passport.
The network effects of these different services combine to create an ecosystem that provides some very powerful options for users and applications. Ethereum-based Twitter alternatives such as Farcaster could use POAP and other on-chain proofs of activity to create “verification” features that don’t require traditional KYC, allowing anonymous participation. Such a platform could create rooms that are only open to members of a specific community — or a hybrid approach where only community members can speak but anyone can listen, the equivalent of Twitter polls that might be limited to specific communities.
Just as important, there are more pedestrian applications related to simply helping people make a living: Verification through attestation could make it easier for people to prove they are trustworthy to get rent, employment, or a loan.
The biggest challenge for this ecosystem going forward is privacy. The status quo involves putting a lot of information on-chain, which is “too good to be true” and will eventually become unacceptable, if not downright risky, for more and more people. There are ways to address this by combining on-chain and off-chain information and making heavy use of ZK-SNARKs, but this is actually work. Scaling is also a challenge, but scaling can generally be addressed with rollups and verification, while privacy cannot and must be addressed on a case-by-case basis.
4. KNIFE
“DAO” is a powerful term that encompasses many of the hopes and dreams people have for the crypto space to build more democratic, resilient, and efficient forms of governance. It’s also a very broad term, and its meaning has changed a lot over the years. Most generally, a DAO is a smart contract designed to represent an ownership structure or control over some asset or process. But that structure can be anything from a low-level multi-sig to highly complex multi-space governance mechanisms like the one proposed for the Optimism Collective. Many of these structures work, while many others do not, or at least are a very poor match for what they are trying to achieve.
There are two questions that need to be answered:
What governance structure makes sense and for which use cases?
Does it make sense to implement these structures as DAOs or through regular registrations and legal contracts?
A particularly subtle point is that the word “decentralized” is sometimes used to refer to both: if the decisions of the governance structure depend on the decisions of a large group of participants, then it is decentralized; if the implementation of the governance structure is decentralized, then it is built on a decentralized structure like a blockchain and does not rely on any single nation-state legal system.
Decentralization for better robustness
One way to think about the distinction is that decentralized governance structures protect against internal attackers, while decentralized implementation protects against external powerful attackers (“censorship resistance”).
First, a few examples:
The Pirate Bay and Sci-Hub are great case studies of censorship resistance that doesn’t require decentralization. Sci-Hub is primarily run by one person, and if parts of the Sci-Hub infrastructure are taken down, she can simply move it somewhere else. The Sci-Hub URL has changed multiple times over the years. The Pirate Bay is a hybrid: it relies on the decentralized BitTorrent, but is itself a centralized convenience layer.
The difference between these two examples and blockchain projects is that they don’t try to protect users from the platforms themselves. If Sci-Hub or The Pirate Bay wanted to harm their users, the worst they could do is provide poor results or shut down — both of which would only cause minor inconveniences until their users switch to other alternatives, which inevitably emerge in their absence.
They could also publish user IP addresses, but even if they did that, the total harm to users would still be much lower than stealing all user funds.
Stablecoins are not like this. Stablecoins are trying to create a stable, trusted, neutral global commercial infrastructure, which requires both not relying on a single centralized external player and preventing attackers from within. If the governance of a stablecoin is not designed properly, an attack on governance could steal billions of dollars from users.
At the time of writing, MakerDAO has $7.8 billion in collateral, which is over 17x the market cap of MKR. Therefore, if governance was held by MKR holders, without any safeguards, someone could buy up half of MKR, use it to manipulate the price oracle, and steal most of the collateral for themselves. In fact, this has already happened with a stablecoin with a smaller market cap (Beanstalk)! This has not happened with MKR yet, primarily because MKR holdings are still fairly concentrated, with the majority of MKR held by a fairly small group who are reluctant to sell because they believe in the project. This is a great model for launching a stablecoin, but not a good model for the long term. Therefore, for decentralized stablecoins to work long term, innovations in decentralized governance that do not have these flaws are needed.
Two possible directions include:
Some kind of de-financialized governance, or perhaps a hybrid of a “bicameral system” where decisions require approval not only from token holders but also from other categories of users (e.g. Optimism Citizens or stETH holders)
Intentional friction so that certain types of decisions take effect only after a delay long enough that users can see that something is wrong and escape the system.
There are many subtleties to crafting governance that effectively optimizes for robustness. If the robustness of a system relies on activating in extreme cases, the system might even want to occasionally intentionally test those extreme cases to ensure they work — like rebuilding Ise Jingu every 20 years. This aspect of decentralization for robustness continues to require more careful thought and development.
Decentralization for greater efficiency
Decentralized efficiency is a different school of thought: decentralized governance structures are valuable because they can incorporate more diverse voices at different scales, and decentralized implementation is valuable because it can sometimes be more efficient and less costly than traditional legal system-based approaches.
This implies a different approach to decentralization. Decentralized governance for robustness emphasizes having a large number of decision-makers to ensure alignment with pre-set goals and intentionally makes adjustments more difficult. Decentralized governance for efficiency retains the ability to act quickly and adjust when needed, but attempts to move decision-making away from the top to avoid the organization becoming a rigid bureaucracy.
Decentralized implementations designed for robustness and those designed for efficiency are similar in one respect: they both just put assets into a smart contract. But decentralized implementations designed for efficiency will be much simpler: often a basic multi-signature will suffice.
It’s worth noting that “decentralization for efficiency’s sake” is a weak argument for large projects in the same developed country. But it’s a much stronger argument for very small projects, highly international projects, and projects located in countries with inefficient institutions and weak rule of law. Many applications of “decentralized efficiency” could probably also be done on a chain run by a central bank run by a large, stable country; I suspect both decentralized and centralized approaches are good enough, and what determines which approach dominates is a matter of path dependency, i.e., which approach becomes feasible first.
Decentralization of interoperability
This is a much-maligned argument for decentralization, but it’s still important: it’s easier and safer for on-chain things to interact with other on-chain things than it is for off-chain systems to interact, which inevitably require a (hackable) bridge layer.
If a large organization running a direct democracy held 10, 000 ETH in its reserves, that would be a decentralized governance decision, but it would not be a decentralized implementation: in practice, there would be several people in that state managing the keys, and the storage system could be attacked.
There is also a governance angle to this: if a system provides services to other DAOs that cannot change quickly, then it would be better if the system itself could not change quickly, so as to avoid a "rigidity mismatch" in the system, where the rigidity of the system makes it unable to adapt to disruptions.
These three “decentralization theories” can be summarized in a chart:
Decentralization and strange new governance mechanisms
Over the past few decades, we’ve seen the development of many exotic new governance mechanisms:
Quadratic voting
Liberalism
Liquid Democracy
Decentralized conversation tools like Pol.is
These ideas are an important part of the DAO story, and they are valuable both for robustness and efficiency. These ideas, in addition to the more “traditional” century-old ideas around multi-space architectures and intentional indirection and latency, will be an important part of the story of making DAOs more effective, and they will also find value in making traditional organizations more efficient.
Case Study: Gitcoin Grants
We can analyze different approaches to decentralization through an interesting edge case: Gitcoin Grants. Should Gitcoin Grants be an on-chain DAO, or should it just be a centralized organization?
Here are some possible arguments for Gitcoin Grants to become a DAO:
It holds and processes cryptocurrencies because most of its users and funders are Ethereum users
Secure quadratic funding is best done on-chain (see the next section on blockchain voting and on-chain QF implementation), so you can reduce security risks if voting results are fed directly into the system
It engages with communities around the world and therefore benefits from credible neutrality rather than being centred on a single country.
It has the benefit of being able to give users confidence that it will still be there in five years, so public goods funders can start projects now and hope to be rewarded later.
These arguments lean toward decentralization for superstructure robustness and interoperability, though individual quadratic funding rounds fall more into the “decentralization for efficiency” school of thought (the theory behind Gitcoin Grants is that quadratic funding is a more efficient way to grant money).
If the robustness and interoperability arguments didn’t apply, then it might be better to simply run Gitcoin Grants as a normal company. But they do apply, so it makes sense for Gitcoin Grants to be a DAO.
There are many other examples of this argument being applied, both to DAOs that people increasingly rely on in their daily lives, and to “meta DAOs” that provide services to other DAOs:
Proof of humanity
Kleros
Chain link
Stablecoins
Blockchain Layer 2 Protocol Governance
I don’t know enough about these systems to say that they are all optimized for decentralized robustness to meet my criteria, but hopefully they should be obvious by now.
The main problem with poorly functioning DAOs is that DAOs require pivoting capabilities that conflict with robustness, and there aren’t enough cases for “decentralization for efficiency.” Large companies that primarily deal with US users are one example. When building a DAO, the first thing to do is to determine if it’s worth building the project as a DAO, and secondly whether its goal is robustness or efficiency: if it’s the former, it also requires deep thinking about governance design, and if it’s the latter, then it should either innovate in governance through mechanisms like quadratic funding, or it should just be a multi-signature.
5. Hybrid Applications
Many applications are not entirely on-chain, but leverage blockchain and other systems to improve their trust models.
Voting is a great example. High guarantees of censorship resistance, auditability, and privacy are all required, and systems like MACI effectively combine blockchain, ZK-SNARKs, and a limited centralized (or M-of-N) layer for scalability and coercion resistance to achieve all of these guarantees. Votes are posted to the blockchain, so users can ensure their votes are included, independent of the voting system. But the votes are encrypted, privacy-preserving, and use a ZK-SNARK-based solution to ensure that the final result is the correct calculation of the vote.
Voting in existing national elections is already a high-assurance process, and it will be a long time before countries and citizens feel comfortable with the security guarantees of any electronic voting method, blockchain or otherwise. But technology like this could soon become valuable in two other places:
Improving the credibility of voting processes that already occur electronically (e.g. social media voting, polls, petitions)
Create new forms of voting that allow citizens or group members to provide rapid feedback and give them high assurance from the outset
Beyond voting, there is a potential area of “auditable centralized services” that would be well served by some form of hybrid off-chain verification architecture. The simplest example is proof of solvency for an exchange, but there are many other possible examples:
Government Registry
Business Accounting
Games (see, for example, Dark Forest)
Supply Chain Applications
Tracking access authorization, etc…
As we go down the list, we see use cases that are lower and lower in value, but it’s important to remember that these use cases are also low-cost and verification does not require publishing everything on-chain. Instead, they can be simple wrappers around existing software that maintains a Merkle root (or other commitment) of the database and occasionally publishes the root on-chain along with a SNARK proving that it was updated correctly. This is a strict improvement over existing systems as it opens the door to cross-institutional proofs and public audits.
So how do we achieve this?
Many of these applications are being built today, though many of them have limited usage due to the limitations of today’s technology. Blockchains are not scalable, transactions until recently took considerable time to be reliably included in the chain, and today’s wallets leave users with an uncomfortable choice between low convenience and low security. In the long term, many of these applications will need to overcome privacy concerns.
These are all solvable problems, and there is a strong incentive to solve them. The FTX debacle showed many how important truly decentralized solutions are for holding funds, and the rise of ERC-4337 and account abstraction wallets give us the opportunity to create such alternatives. Rollup technology is rapidly evolving to solve scalability issues, and transactions are already being included on-chain faster than they were three years ago.
But it’s also important to intentionally focus on the application ecosystem itself. Many of the more stable and boring applications are not being built because there is less excitement and short-term profits around them: LUNA has a market cap of over $30 billion, while stablecoins that pursue robustness and simplicity have tended to be largely ignored over the years, and non-financial applications often have no hope of making $30 billion because they simply don’t have a token. But in the long run, it is these applications that are most valuable to the ecosystem and will bring the most lasting value to their users and the people who build and support them.