Closing the ‘backdoor’ opened by the god mode, is a DEX without an administrator key the future?

Is a keyless DEX the future to close the god mode backdoor?

Original author: Island Network

What is an admin key?

The admin key is the administrator’s key. You can think of it as a master key that can open all the back doors of the game machines in an amusement park and take away all the coins. The admin key can access and control any account in the entire system. The admin key gives a specific entity (individual, company, DAO organization, etc.) the management rights to the entire system, including control over accounts, permissions, data, etc.

Imagine when you open a bank account, inadvertently when you read the fine print hidden in the terms and conditions, you come across “The bank reserves the right to change your account balance at any time”. Perhaps in that moment, you feel shocked and scared because the bank can freeze your account at any time, and in the most extreme case, the bank may go bankrupt and you cannot retrieve your personal funds. The admin key is a term that any developer is very familiar with. These control keys with full access permissions allow developers to modify or replace any content in the smart contracts that support their projects, and can even adjust user balances.

• Ethereum brings ‘bad news’ Futures ETF falls short of expectations, on-chain data at a low point
• South China Morning Post Article Why can’t the JPEX incident shake Hong Kong’s cryptocurrency vision?
• Forbes Binance’s Golden Touch, how did they turn failed ICO tokens into unexpected fortunes worth billions of dollars?

Let’s take a look at what a simple representation of the Admin Key code might look like. The admin key is usually used to perform some key operations, such as updating contract code, adjusting contract parameters, pausing contracts, and setting new administrators.

pragma solidity ^0.8.0;contract AdminContract {address public admin;bool public isLianGuaiused;constructor() {admin = msg.sender;isLianGuaiused = false;}modifier onlyAdmin() {require(msg.sender == admin, “Only the admin can perform this action”);_;}modifier whenNotLianGuaiused() {require(!isLianGuaiused, “Contract is LianGuaiused”);_;}function updateAdmin(address newAdmin) public onlyAdmin {admin = newAdmin;}}

Vitalik reveals that L2 and Rollup both have backdoors!

Recently, there has been a heated discussion on Twitter about Vitalik Buterin’s statement that both L2 and rollup on Ethereum have a backdoor for protocol developers to intervene and make changes when necessary. However, Cardano OG Chris O disagrees, believing that the Ethereum network is not as immutable, permissionless, or censorship-resistant as widely claimed.

In fact, this is not recent news at all! It was discussed by Vitalik half a year ago on February 7, 2023, in an interview with Balaji in the first episode of The Network State Podcast. The original words in the video are as follows:

“And the other thing that I’ve talked to the rollup teams that they all want to do next year is they want to start taking off training wheels, right? So the roll ups and layer twos that exist on Ethereum today, they basically all have what I call training wheels, like some kind of backdoor that lets developers come in and say, stop and change the protocol if they see that some kind of bug has happened.”

“我与 rollup 团队讨论的另一件事是，他们明年都想做，他们想开始卸下辅助轮，对吗？所以今天以太坊上存在的 rollup 和第二层，他们基本上都是有我所说的辅助轮，就像某种后门，让开发人员进来并说，如果他们发现发生了某种错误，就停止并更改协议。”

“Training Wheel” refers to a training auxiliary wheel used for children learning to walk. It is used in Ethereum’s Rollup and Layer 2 solutions. In Vitalik’s view, the current Layer 2 scaling solutions are not mature enough to achieve complete decentralization and independence. They generally have auxiliary control measures and contingency mechanisms in case developers need to modify the deployed protocols in case of errors. In most cases, this “training wheel” is actually an admin key.

In the world of cryptocurrencies, you can find similar user terms in all centralized exchanges. When you register an account, you agree to grant the CEX access and custody permissions to your assets. For example, Binance’s terms of use state, “Binance may but has no obligation to manage and control affected funds and your Binance account.”

Recalling the series of scandals in 2022, Luna collapsed in May, Three Arrows Capital collapsed in June, FTX collapsed in November, and Genesis collapsed in December. At that time, Genesis was the best-managed and largest centralized crypto lending company. It attracted funds with attractive borrowing costs based on its reputation. But why did it eventually collapse? FTX, the second-largest exchange at the time, was also finally bankrupted by a run on its assets. This is why theoretically all centralized exchanges are not secure. If we logically assume, any centralized exchange will have the risk of collapse. For those who trade with large funds, they will gradually shift to DEX based on ZK Rollup and open order books, which are permissionless, KYC-free, and trustless. Isn’t this what the crypto natives have been pursuing all along? In the past, for the sake of convenience, we turned a blind eye to security. Now, perhaps it’s time to rethink.

For “centralized” projects with admin keys, the risk of government regulation is also a widely open question. Regulatory agencies can shut down and control a project with admin keys at any time. DeFi projects that exercise centralized “custodial” control over users and their funds face pressure, especially in terms of legislation. If regulatory agencies can find a centralized party or group of people, they can seize this point.

Case Study

The significance of DEX often becomes apparent only in extreme cases, where people realize the importance of DEX. Let’s review the collapses and disasters caused by centralized management or pseudo-decentralized protocols in history. The famous Japanese exchange Mt. Gox closed down in 2014 after hackers stole $500 million worth of cryptocurrencies. In 2018, approximately $530 million worth of digital tokens were stolen from the Tokyo-based platform Coincheck. The former cases were mostly due to hackers using stolen private keys (the password required to access cryptocurrency funds) to steal funds. Let’s talk about a recent case. Multichain reported that CEO Zhao Jun was arrested. It not only relied on multisig wallets controlled by a few people, but worse still, they seemed to have no multisig at all, and the private key was held by Zhao Jun alone. Multichain, formerly known as Anyswap, was founded in July 2020 with an initial focus on cross-chain DEX. On May 21, 2023, Zhao Jun, the CEO of Multichain, was taken away by Chinese police from his home. It was later discovered that these MPC node servers and other regular servers were actually running on Zhao Jun’s personal cloud server account. No team member had access to Zhao Jun’s personal cloud server account, so no one could log in to these MPC servers. Zhao Jun’s computers, phones, hardware wallets, and mnemonic phrases were all confiscated by the authorities. Therefore, when a project claims to be a DEX but allows access permissions to a centralized system, it is ironic. Once faced with strong government supervision and scrutiny, the project can be shut down at any time, and assets can be confiscated.

What does No-Admin key mean?

This means that all operations and rules are executed by smart contracts and decentralized networks without the intervention of any individual entity, which raises the threshold for malicious behavior. “No-Admin key” provides greater security and trustworthiness because there is no single entity that can abuse power or engage in improper operations. However, this may also bring some challenges, such as the need to address vulnerabilities or errors through consensus mechanisms or community governance, without the ability for a central entity or individual to intervene quickly.

Advantages and disadvantages analysis

Re-deploying contracts will result in contract address changes

DeGateDEX, the most mature ZK Rollup-based decentralized exchange on Ethereum, claims to have no admin private key and can achieve maximum user self-custody. It can be confirmed that once the protocol is fully deployed, the code execution logic is immutable. Recently, Degate re-deployed the contract to update and fix a bug discovered by a white hat, which also verifies their mechanism of truly having no admin private key, as protocol modifications can only be made through re-deployment. Re-deploying contracts will result in changes to the contract address. On a blockchain platform, each smart contract has a unique address used to identify and locate the contract on the blockchain. When a project re-deploys a contract, a new contract address will be generated, and the old contract address will become invalid. I believe this is also one of the criteria for determining a truly decentralized platform. The irreversible code execution logic greatly raises the threshold for malicious behavior from a technical perspective.

The current status of pseudo-decentralization

Although admin keys were common in the early stages of projects, they contradict the idea of decentralization and make the entire project insecure. This is because admin keys have special access privileges to modify project protocols or smart contracts, and they are typically held by the project’s founders or core team. Essentially, many DeFi protocols and products that require users to deposit assets are protected by “admin keys,” which are claimed to be protected by features such as time locks and multi-signatures. These keys are usually Ethereum smart contracts that can upgrade protocols or products in various ways. However, no DeFi project can prove the strong security of its admin key operations. This means that the only way to truly feel secure when using these DeFi products is to trust the team’s capabilities and their ability to protect admin keys.

This often tests human nature, and human nature often fails the test.

Andreas Antonopoulos, author and educator of “Mastering Bitcoin,” defines a truly decentralized project as one that does not have custody control over funds. “This is a very important criterion. I think it is a basic standard.” According to this standard, most protocols fall far short of the requirement. Among the 15 projects reviewed on DeFi Watch, only InstaDapp, MakerDAO, and Uniswap were reported to have no admin keys associated with their products. The remaining projects (including Aave, Compound, DDEX, Yearn Finance, Nexus Mutual, and Synthetix) all have admin keys that allow varying degrees of control.

The administrator key of Aave is owned by Aragon DAO. Aragon DAO has only five members, and a full protocol change can be made with just three “yes” votes. In terms of Total Value Locked (TVL), Aave currently ranks third among all DeFi projects, with a locked value of over $1.38 billion.

This poses a potential single point of failure, as the administrator key is a critical part of the entire system. If it is leaked or lost, it could lead to serious consequences, with the worst-case scenario being team members being hacked or taking away users’ funds and disappearing. To eliminate this centralized risk, admin key and DAO governance are adopted. Therefore, some argue that DeFi projects with “god mode” administrator keys are actually considered a way to protect user funds and are primarily used in conjunction with security features such as time locks and multi-signatures.

Decentralized protocols and governance methods

Projects that aim to achieve a No-Admin key face more new challenges. What if there are errors in the project’s construction? How to fix them? What if the community votes to support false changes to the project? If the project is under attack, what control measures can ensure that attackers do not succeed in urgent situations?

1. Fixing construction errors in projects: If errors occur in the project, fixing them usually requires consensus from the community in a No-Admin Key environment. This is usually done through voting in decentralized autonomous organizations (DAOs). Repair can only be carried out after a certain proportion of agreement is reached through voting. This process may be relatively slow, but it ensures fairer decision-making and avoids decisions that may be detrimental to the community made by individuals or small teams.

2. False changes through community voting: Although the decision-making process of DAOs can be manipulated, generally, large-scale fraudulent behavior requires controlling a large amount of tokens, which may not be economically feasible. In addition, voting systems can be designed to prevent such behavior, for example, by introducing a collateral system where voters must freeze a portion of their tokens to vote.

3. Control measures in the event of an attack: Generally, the security of a blockchain network depends on its degree of decentralization and network scale. In projects without an Admin Key, there may not be a quick way to stop an attack. However, the community may use its consensus mechanism, such as voting, to reach consensus and take action as quickly as possible. Additionally, technologies such as Layer 2 solutions can be used to enhance the security of the project.

4. “Handing over” the keys to the community or using key creation for multi-signature wallets and electing well-known community members to hold these keys. In some other projects, the keys are burned, which means their contracts (protocols) cannot be easily updated and new contracts that users can choose to migrate to must be deployed. DApps are created by developers or teams deploying smart contracts. The contract has one private key as the controller, which eliminates the trustlessness of blockchain technology and can only reduce risks through multi-signatures.

Overall, the No-Admin Key project may face some new challenges, but its decentralized nature allows it to provide more fair, transparent, and secure services. This is also one of its main advantages.

Or as Vitalik asks many Rollups teams, “next year”, they are all competing for the auxiliary round! But next year, next year, there are so many next years! It must be difficult and long, embrace complete decentralization, and be your own god! It takes courage!

Reference:

1.https://github.com/Loopring/protocols

2.https://github.com/degatedev

3.https://balajis.com/p/1-vitalik-buterin-on-starting-new-69b#details

We will continue to update Blocking; if you have any questions or suggestions, please contact us!