How does Algorand address high risks in using blockchain technology?

Using blockchains comes with great risks for users:

  • Any bug, vulnerability or mistake at the protocol, dapp, bridge, CeFi/DeFi, wallet or user level can lead to hacks or lost money.
  • Immutability of transactions (which is a feature in general) makes the costs high and damage irreversible (in most cases).

Algorand has demonstrated leadership in some areas by using a rigorous development and upgrade process, introducing state proofs and reusable libraries, etc. However, I’ve not seen a systemic approach to addressing this problem yet, which is arguably the most critical usability issue.

Please note that there is no room for any error, bug or vulnerability here due to the potential high cost and credibility damage. The Tinyman case is a good example of how these events (no matter how relatively small) can negatively impact the blockchain's reputation, credibility and user trust.

A few suggestions:

  1. The core protocol internals and APIs play a big role in reducing risks. My main concern here is incremental complexity. I know that the dev team is cognizant of this aspect; however, there is a tension between building new stuff/features and keeping the system simpler for the longer-term benefit. One approach to address it is to somehow quantify the complexity and how it contributes to future problems (at all levels: protocol, dapps, etc.). I also think the Algorand dev team would benefit from adding a critical-system expert who has seen multi-year dev cycles. I know that there are already system experts in the team; however, I'm not sure any of them have the experience of working on critical infrastructure code with many (API) clients and code dependencies over many years. At some point more than 99% of feature requests should be rejected at the core level, ideally all feature requests unless fundamental to the blockchain improvement.
  2. There should be a systemic approach to this problem that maps out all possible issues and has some plans for them, and it shouldn’t be limited to the core protocol/code but should cover the overall ecosystem safety. It doesn’t matter if a user makes a mistake or a dapp is buggy; in the end it hurts Algorand users.
  3. All aspects and steps of the user journeys should be evaluated and somehow measured in terms of risk and safety. There should be a dashboard available to users to rate different tools, dapps, etc. based on a transparent method. It is important to make these ratings meaningful. For example, the rating should be associated with a specific version of an app in prod rather than an app as a whole. For example, the risk of using AlgoFi 2.0 is certainly more than AlgoFi 1.0 when it was launched. The rating can start from the code, verification process, etc., but can also be expanded to other areas. For example, when someone borrows coin A from AlgoFi at a 1% interest rate, a large lender can remove the liquidity and increase the interest rate to 10% immediately. This is a risk that most borrowers are not aware of. Another example is that if AlgoFi accepts riskier coins/assets as collateral, it certainly impacts the overall safety of the whole system. As a note, I use AlgoFi as an example because it is the largest Algorand DeFi platform and impacts most users.

On Reddit

Full Disclosure:

  • Algorand is the only crypto that I’m invested in even though I’ve been in the crypto space for years.
  • My intent is to communicate my most important concerns or feedback for Algorand's long-term success in a series of posts. I hope these posts not only allow a deeper discussion within the community but are also addressed or thought about by the Algorand leads.

Previous posts:
