CryptoSlate recently spoke to Tyler Bond “Familiarcow,” the Communications Director at Nine Realms, a company building core infrastructure on THORchain which has just announced a mainnet launch. I asked Bond why THORchain was different from other liquidity protocols, the issues with DeFi smart contracts, anonymous development, the future of THORchain, and why true decentralization matters.
After my conversation with Nischal Shetty recently and the recent Solend debacle, I wanted to find out whether THORchain’s claim to be a 100% decentralized DEX holds any weight. Further, DeFi’s dirty secret is that most smart contracts have Proxy Upgradeability meaning that the smart contract can be updated to change its functionality. In the case of Solend, this almost ended in a user holding over $200M in assets having their account taken over by the platform.
THORchain is designed to be a cross-chain interoperable DEX that allows native assets such as Bitcoin (BTC), Ethereum (ETH), and Cardano (ADA) without the need for wrapped tokens. The potential for such a protocol is almost limitless, but can it scale, is it truly decentralized, and is it secure? Bond answers these questions and more below.
Akiba: So, what makes THORchain different from other liquidity protocols?
THORChain is decentralized, chain agnostic, and does not use any bridges or wrapped assets to make swaps. This allows THORChain to connect to the most economically significant chain – Bitcoin without the use of wrapped BTC and more without the security risk that a bridge faces.
Users can swap to and from NATIVE assets. Any chain can be added including Monero and Cardano which are not seen at all in DEXs today. No one else in the DEX space has been able to accomplish this goal. THORChain is also run by over 100 completely anonymous nodes (info: thornode.network), so it possesses sufficient decentralization.
THORChain uses a rotating Threshold Signature Scheme (TSS) vault that continuously rotates asset custody between nodes coming into and out of the network. Funds are moved to a new vault every week – functioning as a sort of proof of reserve. The funds are always solvent and provably liquid and able to be moved by the network itself but not any individual participants.
Akiba: CoinMarketCap states that the mainnet launched on Jan 21 – what happened?
Mainnet did not launch in January. Mainnet is not a software upgrade for THORChain, but rather a coming of age moment. The protocol, since the beta was released in April 2021, has been hardening and receiving weekly updates.
The network has been functioning at mainnet levels of maturity, stability, and security since early 2021. Now is the time to shed the beta label and emerge as the mature true cross-chain protocol.
Akiba: The THORchain core team is not publically verifiable. Do you believe a non-doxed/anonymous team is viable in today’s market?
The anonymity of the team is definitely viable. The nodes run THORChain, not the developers. 100% of node operators must adopt a software update for changes in code to take effect on the network meaning that the core development team cannot make unilateral decisions that would affect THORChain’s state machine.
THORChain itself is a cross-chain infrastructure and the approach the core team has taken is to remain anonymous and eventually leave the project to the community in the style of Satoshi. Creators and Godlike figures in crypto are dangerous and present a centralization issue. An anonymous core team with plans from the beginning to step away from the protocol speaks to the maturity and foresight of the early planners.
A true neutral protocol cannot have singular figureheads that determine the future of the network. The future of the network must be determined by those that have the most stake and run the network’s code itself – the node operators.
Additionally, there are other teams that work on THORChain’s codebase other than the original core team. Nine Realms is a group that has stepped up to contribute to the core development and chain integrations of THORChain. The contributions of Nine Realms and other community developers have proven indisposable in the process of hardening the network. The core team’s identity matters very little. The codebase itself is entirely open source and transparent for community contribution, with final curation of code updates left to the Nodes – like Bitcoin.
Akiba: How secure is THORchain? There are some worrying signs in DeFi at the moment. For instance, Solend is under criticism currently for voting to take control of a user’s account. Its ability to do this comes from the Proxy Upgradeability of its smart contracts – meaning its smart contract can be upgraded by changing its functionality. Does ThorChain solve this issue in any way or is it DeFi’s dirty secret?
The only way to make changes to THORChain’s logic or state machine is through updates to the code itself. In which case, 100% of node operators (who have a significant stake in the network being that it is Proof-of-Stake), must adopt the code changes.
However, in THORChain, nodes have the ability to change network constants using a feature called “mimir”. Mimir is a type of governance that allows nodes to granularly change constants like How quickly the Reserve emits its rewards, the number of vaults secured by the validators of the network, and the amount of time an LP must have a position to get full impermanent loss protection, whether a chain is halted for security reasons, etc.
A supermajority (66%+) of nodes must vote for a particular value for it to be changed against the status quo. This is a decentralized mechanism of governance that gives the largest stakeholders control over granular network controls. Full list of mimir commands: https://midgard.thorchain.info/v2/thorchain/mimir
Until the planned obsolescence of the core team, there is also an admin mimir key held by the core team. This admin mimir key can change any of these values without a full vote by nodes. Due to there being so many nodes, votes take a long time to be enacted. However, in the adolescent stage of the protocol, there have been numerous instances where quick changes to these constants have been necessary.
For example, trading pause controls in case there is an exploit that threatens to drain funds. To balance this power, a majority of nodes vote always “outvotes” the admin-mimir. Meaning, that if admin-mimir performs a malicious action such as pausing trading unnecessarily, nodes can vote to undo that action, and once a supermajority consensus is reached, trading will be unpaused. The admin-mimir key will be burned after planned obsolescence since it presents the greatest centralization risk to the protocol currently.
I think that Solend’s actions should show DeFi how these protocols actually function. Protocols can change for the better or the worse. If they can’t change, then inevitably there will be some kind of bug or problem that will destroy the protocol, so it needs the ability to protect itself. The most important thing a DeFi user can do is to understand how their protocols actually function and how code changes are adopted by the network. If any individual or group can singlehandedly push through changes to the protocol, that is a decentralization problem.
A DeFi protocol itself is completely neutral. Its only job is to be a state machine that makes regular, deterministic transitions from one state to another as blocks are proposed and passed by validators (nodes) of the network.
Centralization will always be an issue when dealing with DeFi protocols which is why it is imperative that teams that create and maintain these networks take centralization concerns seriously and put plans into place to decentralize over time.
Bitcoin wasn’t built in a day and it has its own problems early on including a huge exploit. There needs to be both: a way to solve problems that will arise over time and a balance of control over how software updates and state changes are handled.
THORChain was planned from Day 1 to become a more decentralized network over time. This meant sacrificing early bootstrapping and VC partnerships that “DeFi” protocols today seem to be doing regularly. This meant creating a rotating TSS vault system where private keys are held by anonymous nodes which can scale with the protocol. This meant the eventual destruction of powerful control methods like admin-mimir. This meant the governance of the network must be in the hands of the nodes that administer the network – not the development team. A network must be planned to be decentralized from its very first breath, even though it inevitably must be created by a small team of individuals.
Akiba: So what will change now the mainnet has launched for end-users/devs?
Mainnet doesn’t bring any new code changes to the users of the network. It marks a new phase in growth for THORChain – integrations. Integrations into DEXs, DEX Aggregators, and Wallets. THORChain is the infrastructure that lets any user permissionlessly swap assets including Bitcoin without WBTC or a bridge that no other decentralized service offers.
This gives THORChain a huge competitive edge in the space. Users of all different kinds of multichain wallets will invisibly use THORChain built right into their favorite wallets. DEX users will be able to swap right to and from native bitcoin using THORChain’s liquidity pools.
In the next few weeks, integrations will be complete for ATOM and AVAX. This will link thorchain’s liquidity pools directly into the Cosmos IBC ecosystem and the Avalanche C-Chain ecosystem. The team also has plans for a mechanism for single-sided yield on blue-chip assets like Bitcoin. It will be the first protocol to get a single-sided yield on native, unwrapped Bitcoin. The future is extremely bright for THORChain.
Akiba: When you say it’s the only 100% DEX what does this really mean? How decentralized is it truly?
THORChain is very decentralized when compared to other DEXs. There are over 100 validator nodes of the network, each bonding over 500,000 RUNE. Every node must agree to software updates. A supermajority of nodes must agree to change network constants. Therefore, the nodes which actually execute the code of the network have extreme incentives to perform in the best interest of its users and the protocol itself. There is no individual or group that can make unilateral changes to the codebase of THORChain. The largest centralized risk, currently, is the admin-mimir key which will be deprecated in the coming months. This poses no risk to funds itself on the network, only constants that the network recognizes and even its power is trumped by node consensus.
An ADR (Architecture Design Record) process has been implemented for community members to signal for changes within the network. This process is still being implemented, but this is one of the new governance mechanisms for the community to signal that they want a specific change to the architecture of THORChain. An ADR is similar to EIP or BIP for Ethereum or Bitcoin. It includes a voting process that allows contributors to signal for changes like adding new chains, changing the way code executes, etc. This change will allow greater decentralization of the direction THORChain’s code goes without the core team.
At the end of the day, the network is only as decentralized as changes to its codebase can be. THORChain has been designed from the start to scale as a decentralized service. Its growth has been slower because of this, but it has made the network more durable. One change to increase decentralization is a Mimir constant to allow no more than 33% of validators to be on the same cloud service provider. This change is ongoing and has not been ratified by a mimir vote yet but will be crucial to make the network resistant to capture.
Bond certainly understands the core mechanics of THORchain and he was able to answer each question in tremendous detail. It can be assessed that THORchain still has a core element of centralization due to the admin-mimir keys, however, if these are deprecated then we could see a DEX more decentralized than many others out there. Without the constraint of delegated proof-of-stake THORchain certainly embodies the spirit of a decentralized financial system. Whether this is truly what users want or just a fantasy that doesn’t work in practice will be seen over the coming months. Will THORchain gain adoption among DeFi users with its vast level of interoperability or will users stick to the more familiar arenas of UniSwap, Aave, and Curve?