const blockedCountries = [
  { code: "VG", name: "British Virgin Islands" },
  { code: "PA", name: "Panama" },
  { code: "BY", name: "Belarus" },
  { code: "CU", name: "Cuba" },
  { code: "IR", name: "Iran" },
  { code: "IQ", name: "Iraq" },
  { code: "CI", name: "Côte d'Ivoire" },
  { code: "LR", name: "Liberia" },
  { code: "KP", name: "North Korea" },
  { code: "SD", name: "Sudan" },
  { code: "SY", name: "Syria" },
  { code: "ZW", name: "Zimbabwe" },
];

export const isCountryBlocked = async () => {
  try {
    // Get the user's IP address
    const ipResponse = await axios.get("https://api.ipify.org/?format=json");
    const ipAddress = ipResponse.data.ip;

    // Get the user's country
    const locationResponse = await axios.get(`https://api.iplocation.net/?cmd=ip-country&ip=${ ipAddress }`);
    const countryCode = locationResponse.data.country_code2;

    // Check if the country is blocked
    const blockedCountry = blockedCountries.find((country) => country.code === countryCode);
    return blockedCountry !== undefined;
  } catch (error) {
    notify(error);
    return false; // Assume country is not blocked if there's an error
  }
};

• Walk through a thinking process of arriving at the current AA design, showing which problems had to be resolved along the way: https://www.alchemy.com/blog/account-abstraction

• Modularization of AA: https://blog.rhinestone.wtf/modulekit-deep-dive-ad84ee0797c6

• Early experimentation with AA by Visa: https://usa.visa.com/solutions/crypto/auto-payments-for-self-custodial-wallets.html

• Panther Protocol explanation of AA: https://blog.pantherprotocol.io/ethereum-account-abstraction-everything-you-need-to-know/

• SDK facilitating operations on AA: https://accountkit.alchemy.com

• Safe Wallet implementation for AA: https://safe.global/core

Let’s go back a decade…

We can’t talk about blockchain Fintech without mentioning Bitcoin. Bitcoin was the first successful decentralized cryptocurrency. It launched, at least as far as we can tell, before the financial crisis of 2008. In Bitcoin’s genesis block (the very first block created by Satoshi) there’s even a reference to a Times article mentioning a banks bailout program. There were several pre-crisis signs that could ignite Satoshi’s vision and spark Fintech innovation.

• fractional-reserve banking

• lack of transparency in government monetary decisions (inflation, printing new money)

• greedy financial institutions creating financial products to benefit mainly themselves (subprime mortgage derivatives)

Satoshi worked towards creating a truly stateless currency that would be used directly between parties. The parties interested would trade (person to person or between businesses) without any third party who could stop, corrupt, ban or censor transactions.

Financial crisis

This ‘shock to the system’ amplified the focus on cryptocurrencies and its values in later years. We could see this during the Greek government debt crisis and later during the Cypriot financial crisis. Statistics gathered by Google Trends show how often people searched for the term “bitcoin” in Google. During these times of hardship, you could see a correlation between the economic climate and the Bitcoin price on major crypto exchanges. It shows that people were trying to partially escape from certain ‘difficult’ currencies. For instance, EUR deposits of some Cypriots were confiscated in 50% at that time. People considered moving to something that they saw as less susceptible to government oppression.

Blockchain FinTech technology stack

The above mentioned source of innovation helped cryptocurrencies to form their basic manifesto and define their initial properties. But to exist and work as advertised, cryptocurrencies needed a sophisticated technology stack. In its core, Bitcoin and other cryptocurrencies created later derive a lot from other technologies, created much earlier. This can be regarded as part of a ‘Watching others’ source of Fintech innovation. Starting with the Bitcoin White Paper that refers to such inventions as: hash functions (SHA256) for anonymizing data and summarizing digital signatures, Elliptic Curve Cryptography for signing transactions and Hashcash for its proof of work algorithm. All of these technologies have existed much earlier than Bitcoin (some even 50 years earlier). However, they created the product we now know only in combination.

Cryptocurrencies created after the publication of the Bitcoin protocol derive a lot from Bitcoin itself, but also from other inventions and technologies. These include: quantum computing, Schnorr signatures, Scrypt algorithm, Ring signatures, zero-knowledge proofs, Turing-complete programming languages for smart contract development or many more. All of these inventions were and are mixed and matched together, forming remarkable combination of various cryptocurrencies with distinct features.

Suddenly, entrepreneurs had many options to choose from to build products on top of existing cryptocurrencies. This spurred the ‘Recombination’ source of Fintech innovation. Companies and individuals from various industries started to look how they could utilize blockchains and cryptocurrencies in their fields of expertise. Also, they considered how they can disrupt other industries with trustless principles.

The cloud

From cloud computing providers (experienced with delivering easy-to-use development experience) to software developers interested in particular technologies: various people started to offer blockchain-based technologies in the cloud. These were pre-configured and ready to use, for everybody who wanted to experiment. All without spending days or weeks on proper configuration of the servers and setting up nodes.

Things became easier then for blockchain Fintech innovators. Insurance companies started to work on top of blockchain technologies like R3 Corda. Small insurance startups now experiment with blockchain technologies to offer products that aren’t feasible for other technologies (Tontine Trust). Financial startups try to reposition funds and assets settlement markets. Internet of Things (IoT) firms are looking at blockchains to safeguard access to devices and to make sure data gathered by the IoT monitoring devices are not tampered with.

Risks and regulations

As the technological, social, financial and business revolution progresses, there are new risks emerging. We couldn’t anticipate them: lost of access to investors’ fund, complex fraud schemes, Ponzi schemes using cryptocurrencies, money laundering, breaches to capital controls or financing terrorism. No government would turn a blind eye on these problems. Hence, we are seeing various forms of regulations popping up in different parts of the world, trying to curb some of the risks observed. Some of these regulations try to ban a particular form of cryptocurrency activities. Others are trying to stop some of the business participants from using crypto. These blockchain regulations, constraints and additional external factors drive further innovations in cryptocurrencies. How? Creators try to make them regulatory compliant and still useful for the consumers.

The ICO as FinTech innovation

Cryptocurrencies show up more and more often in mass media. There’s a heightened awareness that there are more investments coming into crypto projects, especially from non-professional investors in form of the ICO. These investments are driven mainly by sophisticated and innovative marketing campaigns. They target private investors with relatively small capitals, but open to invest in high-risk ventures. There are advertising agencies solely created to support the needs of this type of activity. This Fintech innovation is curbed to some extent. Regulatory requirements change towards investments in risky startups, spurring even more innovations on the verge of these two competing forces. These include blockchain-based KYC or blockchain identities project.

Academia!

I’ve been calling it Fintech innovation but to be honest, blockchain penetrates various disciplines. Finance, technology, governance or social needs. No wonder it receives academic attention. It’s pushing curious scientific communities to look into blockchain deeper and to conduct research projects on it and its potentials. Institutions like MIT Media Lab, Cornell University or University of Nicosia are investing substantial money and involving top researchers and lecturers to deepen our understanding of this innovation. What’s more, they spin-off further developments on top of their research outcomes. In addition to research institutions, there are also commercially-led research projects. A good example is Blockstream with their impressive list of Bitcoin Core developers involved. There’s also individual lead research (for example MimbleWimble).

Design-driven innovation

Some blockchain Fintech innovators try to create completely new values in this space. They start from a different angle. Rather than innovating on top of the existing technologies and amending them, they try more of a design-driven approach. They learn from other projects’ mistakes and build better initial concepts. Then, basing on those concepts, they build new technologies better suited to fulfill different users’ needs. An example might be EOS. It was designed from scratch for massive scale, built from earlier experiments with BitShares technology.

The frustrated user as a source of innovation

Yet another Fintech innovation comes from the needs of the end users. It’s designed and developed by the frustrated (but technically capable) users. Examples could be cryptocurrency mixers. These try to hide the source and destination of the funds transfers in public ledgers by mixing many transactions into one. Another example is Monero, which tries to hide transfer details by cryptographic techniques.

As technology matures, and less technical users can begin to use it, ‘User innovation’ begins. Smart contract platforms were initially very complex to use. Now, they’re becoming more and more approachable. As an example, I’ll mention the Ethereum Solidity programming language (btw, do check out our Solidity tutorial). It’s very similar to JavaScript, and it opened smart contract development – and blockchain Fintech opportunities – to Web Developers.

This is further simplified by WYSIWYG-type of innovative platforms that will allow users to create sophisticated contracts by only interacting with intuitive wizards. ICOs are also an example of user-inspired innovations. Capital or years of development expertise might no longer be needed to set up innovative companies. If the project has enough convincing factors, an enthusiastic team behind it, it might get the funding needed to start off the ground.

So what do you need to be an innovator?

Each innovation is different and each can come into life differently. I hope that I’ve managed to explain how blockchain Fintech came to be . What I can tell you is that at the beginning, innovation definitely needs sufficient resources. These can be financial resources or a dedicated team focused on delivery. Those resources promote it to the stage where you can observe its value. Over time, as the snowball effect takes place, a different type of participant enters. And by mixing and matching one type of innovation with other innovations these varied participants create products that nobody even thought of at the beginning. This is the way industry disruption works. This same cycle happens until a new and significantly superior invention appears and takes its place. Then, the cycle starts from the beginning….

Businesses and blockchain traceability & transparency

Businesses (for-profit organizations) owned by groups of shareholders often value the transparency of the way the organization is run. Those organizations aren’t led by a single person, but by an elected group of directors. The most fundamental feature of businesses governed by smart contracts is that all of the transactions and decisions are stored in a publicly verifiable ledger. This sort of businesses can be called a DAO (a decentralized organization). No director can refute the decisions they make, as their cryptographic signatures can’t be forged (direct accountability).

In DAOs, shareholders or members also have a direct and immediate impact on the direction of growth and future decisions. All costs or expenses in organizations like that are accountable, including employee remuneration. In an environment like that any gender, religious, political or other biases can’t exist.

Governments and prediction markets

Governments run in a decentralized mode are a form of a larger DAO. There are some thought experiments to organize governments in the form of a futarchy. In a futarchy, the legislative branch bases on the results of prediction markets. Prediction markets are sort of like betting or voting systems, and they proved to be an accurate way of extracting value from the wisdom of crowds. Any citizen participating in nation-wide prediction markets can have an immediate impact on the bills passed. What’s more, they can easily see the impact of those bills on their own welfare. That’s probably the best form of traceability that exists!

As the decisions are transparent (and the assets/value allocation is transparent) the money allocation to projects/bills is unbiased, and the money is assigned to objectively the best contractors. We won’t see any shady connections between government representatives and their families or friends.

Criminal organizations – blockchain traceability vs. anonymity

Speaking of shady. There’s something we should be aware of. Criminals can also use the blockchain in creative ways, sadly. For example, let’s look at markets that trade in illicit goods or those offering nefarious services. The objective is to tangle up all the dealings and transactions conducted to hide both the nature and the parties to the transaction. Seems like something that just won’t work on the blockchain? Wrong. Distributed systems include, most importantly, the full anonymity of the transacting parties. These are paired with encryption algorithms of the data exchanged by the parties. This allows such organizations to reach their objectives.

Cryptocurrency systems where you can’t see the parties to the transaction or the actual amounts (but with full guarantee of the actual value transfer!) are perfect tools for organizations that value their… privacy. If those parties get caught, the deniability of the transaction is a vitally important feature. (Un)fortunately, that’s what some of the more complex cryptocurrency systems can offer. Those are the problems regulators should definitely research.

Blockchain for different needs

To conclude, various organizations have different needs. Distributed and blockchain technologies are not one-size-fits-all techniques. They can combine and match these technologies in different ways. Prediction markets won’t work for all, and neither will an anonymous crypto system. The goal is to end up with features that suit the needs of a given organization. As we can see, they can sometimes provide an answer to contradicting needs, such as both transparency and deniability.
Just so you know, I’m organizing a workshop on Stellar soon, check it out. Also, if you’re wondering how traceability (or any other feature I wrote about) can work in practice, say, in your company, write to me using the box below.

Slides from the presentation available below and here: https://www.slideshare.net/EspeoSoftware/trustless-off-chain-computing-on-the-blockchain

Thinking cross-nationally

Regulations are usually national. There are certain cross-national regulations, but they happen only to some extent. You don’t want people financing terrorism, for example. However, it can be futile to try and regulate companies that operate through using blockchain technologies only on the national level . That’s because companies can change the jurisdiction of their inc. to avoid unnecessarily harsh blockchain regulation. It would be very beneficial for the whole industry to create cross-national non-profit organizations and self-governing bodies that can address policy blind spots . Their members can range from industry representatives to government representatives. They could be tasked with suggesting and promoting good regulatory practices across the members and jurisdictions they represent.

Educating

As a technology, blockchain can’t be regulated or banned , as it’s only a concept/algorithm and a technical data structure. Entities (especially those non-formalized) operating purely on the blockchain that don’t interact with real-world companies can’t be regulated either. However, regulators should also be involved in education campaigns , spreading awareness of fully decentralized schemes or pointing to risks of suspicious schemes (example here).

Focusing on entities interacting with blockchain

Blockchain regulation should be focused on the entities that interact with blockchain technologies. They operate on the blockchain network, offering their services to other real-world consumers or companies. Regulation on this level shouldn’t be much different from what we have for similar non-blockchain services. This includes any financial operations, insurance, logistics, etc.

Allowing exemptions

As the technology is very innovative and can create positive change across many industries, there should be regulatory exemptions in place. Good examples include blockchain regulations in Switzerland or Gibraltar for small-scale operations. They’re measured, for example, by a maximum value of customers’ assets held by the operation without full license or by the exemption time. In these cases, the regulation is won’t limit innovation before it’s able to prove its positive value.

Self-regulation

Some fully decentralized schemes can and will impose self-regulation practices and extreme transparency . An entire industry built around providing analytical, monitoring and transparency services to existing fully decentralized schemes may emerge . This would increase the customers’ confidence in the schemes. So, regulators should also promote these practices – or companies offering them. Regulators and Central Banks can even go one step further and create national cryptocurrencies with self-regulating capabilities built right into their scheme. Decentralized services built on top of national cryptocurrencies can be considered safer by the end customers. Of course, if the scheme can self-enforce regulation best practices (proper KYC and AML).

Anonymous schemes

It’s possible that national governments and regulators may create their technical interfaces/APIs . For example, for proper tax calculation or for direct sales tax payment. So, those fully decentralized services offering their products to the citizens can become fully compliant with the local regulations even if they lack any real-world manifestation . Schemes like that can increase the customer’s safety. What’s more, they contribute to the view that customers can operate within the law even in the case of fully anonymous schemes . At the very minimum, regulators have to clarify their stance on the sales and VAT taxation applications to transactions conducted with blockchain .

Using green addresses

In some jurisdictions (like China), capital controls, especially the flow of capital abroad, are an important part of regulatory responsibilities. It’s hard to curb Bitcoin transactions as they’re naturally borderless. However, it’s possible to control all the participants that take part in converting fiat money to Bitcoin – and vice versa. There’s also the concept of Green Addresses. These are Bitcoin addresses that belong to a known and trusted financial institution which also manages the users’ bitcoin wallets. Whenever a user wants to make a transaction from a wallet to an external party, they can send it via its Green Address provider. Then, the outgoing transactions will look as if they’re coming from a trusted address of the Green Addresses provider. Regulators can require all transactions into and out of exchanges in a given jurisdiction to go via Green Addresses.

Fixing information asymmetry

The concept of information asymmetry exists in the general economy. For example, in used cars trading. Let’s say the buyer can’t really tell if a car is good or bad. The seller can easily hide some defects, which leads to increased distrust between two parties. Blockchain technologies can help, as they can provide irrefutable provenance proves. Every object can be traced back to its producer and all the previous owners. Additionally, you have trackable quality assessments and can see all the amendments and repairs ordered in the meantime. This information can’t be removed or hidden from the blockchain. Regulators could structure market transactions so that proper provenance collection is required for every newly built product from a certain market. This way, it gradually introduces complete reliability to this market and lowers information asymmetry.

Blockchain regulation catches up

These are only some of the issues that national regulators have to face. Some advancements were impossible to predict when regulators passed resolutions. It’s a difficult game of catching up. And if you feel you need to catch up with what’s currently allowed and what’s not, go for blockchain training.

To become adopted within a product development process, a new technology – like digital cash – has to bring significant improvements to existing technologies, either in terms of cost saving, function, efficiency or design. Alternatively, many consider it a disruptive innovation — poised to completely replace some existing technologies, processes or products.

In their inception phase, crypto payments were only a technical idea with a proof-of-concept showing that the reasoning behind them is sound. However, without an ease of use factor, large-scale adoption remains limited. This is about to change.

Crypto payments advantage #1 – Cost effectiveness

A major differentiating factor is the applicability of this technology to both domestic payment market needs and transactions for small value amounts as well as to high-value, across-the-globe payments between governments and corporations. As there are no 3rd parties that need to secure, process and proxy the transactions, costs are pushed down significantly .

The cost-effectiveness factor of the product also means that we’d be able to use this technology to create products for “unbanked” people. For example, in regions where suppliers can’t offer traditional payment products as they’re not financially viable.

Crypto payments advantage #2: Variety of use cases for digital cash

The second most important advantage of digital currencies is their applicability in vastly varying business scenarios. They support diverse use cases. Digital cash can be tailored to support person-to-person payment scenarios , like borrowing money from your colleague for lunch or handing a small amount of pocket money to your kids. However, we could also use them for regular purchases , such as online or in-person shopping with brick-and-mortar merchants.

On top of that, the model can also cover much more complex scenarios for the corporate world. Example: a hierarchically organized group of people controls fund spending. CEOs can make decisions themselves up to some specified monthly limit — or with other board members above that limit. We can apply digital cash to scenarios where the paying party is either online or offline.

Crypto payments advantage #3 – Speed of transaction

The amount of time that user has to wait from the purchase decision to payment confirmation can be significantly lowered, even to microseconds . It would only be necessary to check the transaction’s validity using digital currencies and their cryptographic capabilities. You wouldn’t need to wait long seconds for the card transaction to filter through the chain of complex integration networks between intermediaries. Acquiring banks, issuing banks, card schemes, payment gateways – you can remove the requirement for trust in any of these intermediary parties.

Crypto payments advantage #4 – Anonymity

For some types of transactions, like donations to a political party, we wouldn’t like to reveal our personal data. Cash offers that feature, but only for in-person payment and only for products of smaller value. Digital currencies, when used properly, reintroduce anonymity. Parties can make transactions for purchases of any value and without any physical or geographical boundaries.

On the other hand, each and every transaction is permanently and irreversibly recorded in the public ledger. So, if a regulatory body only knows one party to the transaction someone could extract valuable information about the payment parties themselves and their past activities from the ledger. This makes digital currencies product compliant with various local and national regulations (KYC, AML or ATF).

Problem #1 – …anonymity!

We should also note some features that can cause problems to crypto payments users. The first one would be… again, anonymity. It can be an advantage, but under some conditions, we can see it as a disadvantage. Shadowy partners in a transaction can cause regulatory interest and even police investigations.
What’s more, making sure that a transaction is truly anonymous isn’t easy. You have to take certain technical factors into account. External services on top of a digital currency can assure that, but then you have to trust them to some extent.

Problem #2 – Fraud

As with any new means of payment, hackers and fraudsters can target its users in sophisticated and clever ways. The education process for a new product (like crypto payments) always takes time . During that time, users are more vulnerable to various forms of attack . A lot of unique features of digital currencies (anonymity, cost-effectiveness, lack of intermediaries) stem from the decentralized nature of the technology. But as an end-user, you don’t usually see the decentralization complexities. You rely on the regular communication interfaces available (mobile phone application, web browser sites) which increases your vulnerability. Transactions, by design, are irreversible, no matter if fraudulent or legitimate. This may discourage some users.

Problem #3 – Valuation swings

Classical digital currency value isn’t pegged to any national fiat currencies, which can cause big swings in currency valuation. These swings might make the currency unusable for some use cases. In time, when adoption grows, the swings will be smaller and spectrum of use cases will increase. However, right now this is a disadvantage. On the same note, if the number of merchants and other parties willing to accept digital cash is small, adoption will remain limited.

What are the properties of the perfect digital currency?

With all that knowledge, we can try to design a list of properties the ideal digital currency should have to reach the widest possible adoption:

1. Ease of use, preferably in an already familiar way. For instance, it can interface with some existing means of payments like mobile payments or card initiated payments, QR-codes and NFS.

2. A regular mobile phone should be enough to make transactions.

3. Very small cost of usage. This would allow micropayments.

4. Value-added products and services (loans, investment, savings, corporate products) should be possible to be built on top of the digital currency (expandable, programmable money).

5. Government sanctioned: it adds legitimacy and greatly widens adoption.

6. Global reach, acceptable around the world for both online and in-person purchases.

7. Value pegged to basket of fiat currencies (so that it’s not that volatile and can appeal to various geographical regions).

With these features, the number of uses cases for crypto payments and digital payments is vast and various. Adoption of digital cash can start with micropayment scenarios, where there is little competition. Gradually, we can move to other more competitive areas. Read more about more blockchain business ideas and challenges on our blog – and sign up to our newsletter for more!

Keeping things safe

1. At its core, DAO was designed as an informal group of parties which operates entirely within the algorithm of its code . Theoretically, they can stay anonymous. However, it’s impossible that this code would cover every possible future case. There’s the obligations and interaction mechanisms between different DAOs and between different members and participants of the DAO. Moreover, if there’s no formalized legal structure in place for this entity, courts will impose one. A DAO most resembles a general partnership in which members/partners jointly represent DAO and are liable for its actions and obligations. The DAO may not have assets from which to indemnify third parties. So, it lacks assets or legal form. Therefore, the court could see the entity as fiction and could allow a lawsuit to proceed against individual members .

2. A safe approach for DAO members would be to create a standard legal entity to which the DAO belongs. Every change in the DAO membership will have to be reflected in the entity membership/shareholding structure.

3. A DAO can control cryptoassets. They can represent almost anything, including real-world assets, fiat money, valuable objects like cars, houses or precious metals. Those assets should be put under control of multisignature wallets (escrow) which DAO members have control over. Of course, proportionally to their DAO membership shares.

4. There are initiatives in development that plan to setup “virtual jurisdiction” within which DAOs could operate. They could then cooperate with each other safely and with clearly defined rules. What’s more, they could have dedicated arbitration procedures in case of an unresolvable dispute.

5. A DAO smart contract could also include a clause referring to a private court which specializes in smart contract disputes. It’s far better to determine preferred jurisdiction beforehand, than let a plaintiff or a government choose it afterwards.

Blockchain legal issues – DAO

1. In the real world a ‘principal’ is liable for its agent’s actions . Check out agency theory for more. An individual developer or software company that created a DAO can be considered as principal in some scenarios. That principal can be held liable for the actions of the DAO (and its members) without having any control over them.

2. Legal language is very different from procedural computer language. Usually, a software developer isn’t able to express all legal details accurately. Development of specialized smart contract law programming languages is still in its very early stages.

3. There’s no common way, yet, to represent fiat money on the blockchain. Here’s an attempt. However, most of the traditional contracts still need to represent value using fiat money or precious metals . Possibly, Central Banks can also digitize fiat money on the blockchain. Until that happens, most of the DAOs operations will be very limited in scope.

4. If we treat a DAO as a for-profit company, there is whole set of unanswered questions. For example:

   1. Can DAO members or DAO itself claim expenses against profits?

   2. If the DAO needs to buy a physical asset, whose name goes on the paperwork?

   3. If the DAO creates and patents intellectual property, who’s the registered owner?

   4. How a DAO can own an internet domain when domains still need to be registered to a person or company?

   5. How should taxes be paid if the DAO (or its members) make a profit?

Final remarks

Naturally, my article doesn’t constitute any blockchain legal advice. But these are certainly blockchain legal issues to consider. A DAO is definitely an interesting initiative that can fix real problems. Just make sure you’re prepared for every contingency. If you’re not sure you are – consider our blockchain training sessions. We’ll work through your problems.

What is a DAO?

In short, a decentralized organization relies on hard-coding certain important company rules, so that specific actions can be automatically carried out. A DAO relies on smart contracts to enforce those rules digitally.

Benefits of a DAO

1. Shareholders/members of the DAO can have a very direct and immediate impact on key company operations.

2. Cheap distribution of shares. What is a DAO benefit is that there’s no middleman. We have peer-to-peer communication between members who want to sell/buy DAO shares.

3. Cheap distribution of dividends (directly from the decentralized organization to members).

4. You can code many standard corporation activities in the algorithm. So, they can be executed automatically without any human intervention. Accounting, auditing, tax payment, payroll – you name it. It adds transparency to the operation, removes the risk of human error and lowers employment costs.

5. You can also code integration with suppliers (exposed as other DAOs) in the algorithm. So, execution can work based on that interactive algorithm. If not disputed, cooperation between parties can be much smoother and cheaper.

6. No single person (like a CEO) exists who represents the DAO. All members, even minor, represent it collectively.

Risks of participating in a decentralized organization

1. If you lose the cryptographic private key, or someone steals it, you also lose access to the DAO and voting rights in it.

2. The programming code of the DAO can have bugs which might be impossible to correct. As we know, the smart contract code is immutable (read more about blockchain immutability). These bugs can result in anything, from money loss to unexpected liability incurment.

3. Public blockchain networks (like Ethereum or Bitcoin) aren’t controlled by any single party. Their evolution can go into an unexpected direction, resulting in DAO disruption. In extreme cases, a DAO might become unusable.

4. Most useful decentralized organizations need access to data outside of the blockchain. These data can be provided by automatic or semiautomatic centralized oracle mechanisms. To disrupt the operation of that DAO, it’s easiest to target the oracles it depends on.

5. The algorithm can’t go beyond what it was programmed for. Hence, it can make biased or plainly bad decisions if you don’t account for every reasonable fact and circumstance. A DAO should be structured so that there’s always a human factor involved that can take back or stop automatic decisions.

6. Parties (cooperating decentralized organizations) might not be explicitly defined in the smart contract. In case of a dispute not covered by the code (and without an automatic arbitrator) it might be difficult to resolve it in traditional legal system.

What is a DAO capable of? Stay tuned for the second part. In the coming weeks I’ll take a look at DAOs from a legal perspective. And if you’re considering blockchain for your company, but you’re still stuck on terms and crypto jargon – it may be time for blockchain training.

Blockchain immutability

As I wrote, one of the defining properties of smart contracts like the Ethereum smart contract is that their code is immutable . Blockchain immutability means that parties agree to the terms or “code” of the contract, that code can’t be changed by any party unilaterally.

The result of the execution of the smart contract is similarly unchangeable. Of course, that happens once the agreed-on code is executed and produces a result. The result should be objectively verified by the other party to that contract, or even by an external party. For example, this could be a regulator or observer. Only then you can be 100% certain it’s valid.

Free from external factors

The immutability of the results of the executed smart contracts stems from what I’ve mentioned at the beginning. What’s important is the context in which the smart contract is executed: sandboxes . That means the contract is free from the influence of any external factors. An environment like that guarantees the determinism of computational results.

T he only factors that influence the result are the input data to the smart contract, and the data stored within the smart contract environment . By the latter, I’m referring to the data that was stored there when smart contract was instantiated for the first time. Or, by the previous execution iterations of the same contract. In some smart contract environments (like Ethereum) smart contracts can also communicate with each other and influence the execution of one another. However, this is still done in controlled and deterministic way.

The Ethereum smart contract’s not the only one. Other implementations

Various implementations of smart contracts seek to leverage their benefits. Bitcoin’s smart contract language (script) is intentionally limited in complexity. The logic that can be expressed in it is very restricted. On the other hand, we have the Ethereum smart contract. The set of the operations that can be executed within the Ethereum Virtual Machine is much broader. Almost any reasonable algorithm or logic could be expressed in it, though there are still limitations on the number of operations per invocation.

Going even further, Hyperledger Fabric has no restriction on the complexity of the smart contract logic or the number of operations. That means it’s very powerful. However, it it also greatly increases the risk of node consensus divergence if that power isn’t used properly. Generally speaking, the level of expressiveness is a feature of a particular implementation. It can vary, providing different levels of security and strength for particular use cases.
It’s worth knowing the consensus doesn’t have to be immediate. Depending on the implementation, it might take around 1 hour (Bitcoin) to reach the semi-final consensus, or be almost immediate (Hyperledger Fabric). That’s despite the fact that once the consensus is reached, the smart contract execution result is provable and immutable.

Controlled access

Some smart contracts need to have access to structured data from the outside of their environment . In most implementations, controlled access to that data can be provided by privileged actors. They’re able to fetch the data needed at the specified time. Then, they can provably transform the data to a format that can be processed by the smart contract. Actors like that are called Oracles. They’re an inherent part of the productive smart contract ecosystem. They don’t change the other properties of the smart contracts. Oracles also work in the same sandboxed environment as the other smart contracts. Once the data is provided, it can’t be modified and is ‘provable’ forever.

Can smart contracts function without a blockchain?

If we want to execute smart contracts with the listed properties, they need to have access to some form of history inalterability. At the least, we’d need a way to prove that the history was changed and the observed results can’t be trusted any longer.

Blockchain is one technique that gives that particular feature but there’s research being done on other techniques. One of them is DAG (directed acyclic graph) where the smart contract transactions form a graph of relations (not being part of the chain of blocks). Yet another approach was undertaken by the Corda platform. There are no blocks in Corda, and transactions are exchanged directly between interested parties in the form of cryptographically signed sets of data.

Blockchain immutability brings many advantages to various industries, and is one of the features that inspire our clients to get on the blockchain. So, the Ethereum smart contract and the blockchain platform are what we deal with every day at Espeo Blockchain. That, and much more. If you’d like to leverage blockchain immutability in your project, we’re interested! Let us know in the box below.

Be the first

Novelty in product offering is an edge given to the first market participant that offers a product that their blockchain competition hasn’t released before. Or they won’t be able to for some time. A blockchain example of this strategy is BitGo . BitGo built its brand on the association with secure cryptocurrency storage and fund processing for enterprises. In the early days of Bitcoin, it utilized 2-of-3 multisig wallet technology and secured its label as the first company to offer it to professional customers. Later on, driven by that association, they offered other custodial services for financial clients ( crypto exchanges , but not only that). They covered support of other cryptocurrencies and offered easy to use APIs on top of their platform, extending their offering to products for the retail market. Examples include Secure Wallets or Instant Payments to circumvent Bitcoin’s requirements for 10-minute block confirmation time.

Address regulation

Another part of BitGo’s business – still highly connected to their initial offering – is regulatory compliance . National regulators are demanding more and more from financial institutions and from startups interested in using cryptocurrencies. Therefore, those ventures need to invest more resources into becoming fully compliant with regulations. Being able to outsource those obligations and associated processes (as well as paying for it in a pay-as-you-go model) is a big advantage for new market shakers. Not to mention a steady stream of income for BitGo. Nicely done!

Implement sustainable processes

Another way to implement a sustainable level of innovation in blockchain is to focus on handling processes in a new and improved way . By processes I mean both internal – visible only within the company – and external, related to the way customers or external resources are handled. A company that’s a good blockchain example of mastering process innovation is ShapeShift . On the surface, it looks like a plain, straightforward exchange for all possible combinations of cryptocurrencies . The difference is that users don’t deposit their funds on the platform and then try to bid against each other, as is the case with other crypto exchanges. The ShapeShift platform offers spot rates for all the pairs it supports. The user can only accept the rate and exchange one asset for another one.

Under the hood, ShapeShift uses a complex matching engine to integrate with many other cryptocurrency exchanges (both distributed and traditional centralized exchanges). It can shift funds from one exchange to the other, to internal wallets and to distributed p2p transaction engines. At the same time, it tries to squeeze as much as it can from the market spread to make a profit for itself (arbitration) . The internal optimization of these processes increases ShapeShift’s profitability and a risks profile it’s willing to accept. To the end user, the whole process is very smooth.

Have a tech combination that’s hard to copy

The complexity of your product gives you an edge in a very particular sense – it’s difficult to copy you. The blockchain example is actually a great one. Bitcoin or, generally speaking, blockchain technologies are highly complex technical combinations of cryptographic techniques, distributed computing, efficient data storage and clever algorithms. If you combine all the experts in those blockchain technologies under one roof, you’ll get a truly remarkable combination . This is exactly what Blockstream did – they hired quite a few Bitcoin Core Developers with unique skills and enthusiasm to work on complex technical problems. Then they started to work on difficult problems no one has worked on earlier, but in an organized fashion. Lightning, Sidechains, Segregated Witness, Confidential Transactions, Satellite to broadcast Bitcoin blockchain from space, and so on.

Unique blockchain example? Patent it!

Companies can also seek protection from blockchain competition by patenting their technologies and other intellectual properties. One of the companies headed down this route is Accenture , one of the biggest accounting and consulting firms in the world. Together with Dr. Giuseppe Ateniese, they’ve patented technology that could allow them to offer blockchain technologies with an exceptional feature: editable blockchains . It appears to go against blockchain common sense – it’s advertised as an immutable ledger where the data that is already stored can’t be amended. Yet, in many business scenarios mistakes can happen. Having an ability to edit the data in a way that’s still fully controllable by the consortium (yet the previous data won’t be accessible after the edit) might be a feature that draws the attention of enterprises. Having that feature protected by a patent certainly gives Accenture a head start.

Adapt to fix problems

Many different blockchain technologies and companies/organizations behind them compete against each other. They all try to innovate and by doing it, they’re amending the rules of their blockchain technology . If the community around a particular technology is small, it’s not that difficult. They simply agree on the change and the date when all community members should upgrade the software. The problems start when the project is really successful, with a big community gathered around it. Then, changing its internal rules of operation is not that easy. Not all the community members agree with the change, or simply not all of them are ready to upgrade.

Solving this particular problem is a foundation upon which Tezos works . They created a blockchain technology with an on-chain governance model embedded into the protocol . All of the changes to the internal operations of the protocol can be voted on . If sufficient backing is found, the changes can be implemented and will be automatically accepted. This stands in stark contrast to the governance model of Ethereum or Bitcoin. As we know, a disagreement between the involved group of developers resulted in them forking to respectively Ethereum Classic and Bitcoin Cash. This innovation could still potentially give Tezos an advantage against their blockchain competition (their legal issues are another matter), as they can be very flexible in their approach toward future developments and challenges.

Blockchain competition – conclusions

The blockchain ecosystem is a fertile ground for experimentation and innovation. At Espeo Blockchain, we’re often amazed at the novel ways our clients try to utilize blockchain. It goes without saying that the truly innovative projects are a joy to work on. That’s why we’re always looking for more! To be able to compete against constant innovation in a long term perspective, companies have to think wider . Innovate fast, or try to protect your innovations from the competitors by hiding them in internal processes or protect your knowledge using patents. If you’re not sure how to innovate using blockchain, custom blockchain training might be a good idea.

You can read more about crypto payments and blockchain challenges on our blog. And if you have an innovative blockchain example of yours, let us know below.

1. https://github.com/mz7mz7mz7/RobotME/blob/main/seminar/seminar2.pdf

2. https://github.com/mz7mz7mz7/RobotME/blob/main/paper-bis2007/presentation/lecture.pdf

3. https://github.com/mz7mz7mz7/RobotME/blob/main/seminar-idss/seminar-idss.pdf

The full thesis and the source code are available here: https://github.com/mz7mz7mz7/RobotME

Conference paper published in Springer available here: https://link.springer.com/chapter/10.1007/978-3-540-72035-5_37

Mutation Testing allows us to evaluate the quality of tests prepared for a software application. It aims to determine test set thoroughness by measuring the extent to which a test set can detect slight variations in the program. If we change the source code in a way that changes its behavior and the prepared test suite doesn't detect it, then the quality of tests is probably not good enough.

There are three approaches to mutation testing:

- lexical-based, in which the source code is modified in a raw, lexical form, which in some cases may lead to producing uncompilable code

- syntax-based, in which the source code is modified while in form of a syntax tree, which is much more reliable than the lexical-based approach, but the code still needs to be compiled

- bytecode-based, in which the code is changed after compilation, on a bytecode level

2. Chosen approach

The prepared framework is based on the bytecode approach, as it allows introducing mutations without the need to recompile the code over and over again. Therefore it is much faster than the other two approaches. We’ve also chosen the ASM library (instead of BCEL) to modify bytecode, as it is smaller and faster than BCEL.

3. Design specification

One of the aims of our project was to fully integrate the mutator with Ant, so that users familiar with ant tasks may easily use our mutator. Everyone capable of configuring ant to run JUnit tests will also be capable of configuring it to run our mutation testing framework. The only additional required parameters are:

- path to jad.exe, so that the changed bytecode might be decompiled to the java source

- path to directory where report should be placed

- path to project to mutate

- path to directory for temporary files

Figure 1: Example Mutator engine configured in ANT’s build file

Figure 2: Equivalent JUnit configuration in ANT’s build file

Another asset of this approach is the possibility of including standard junit reports in mutation framework report, so that the user can easily navigate the results and see what tests failed because of the mutation.

From a developer point of view, it helped us that we didn’t have to implement timeouts (in case the mutation resulted in an infinite loop) – it was already present in the junit ant task we used.

Reports are generated by Apache Velocity templates, which might be easily adjusted to user needs. The architecture allows adding new mutations in a very straightforward way – by simply adding one class for every new mutation.

A UML diagram of developed architecture is presented on the next page.

4. Mutations description

a. Arithmetic operators replacement

All addition operators are replaced with subtraction operators and vice-versa. All multiplication operators are replaced with division operators and vice-versa. This mutator is quite simple; in projects more computational than the “dbutils” however, it may be very effective.

On a bytecode level, this means changing operators:

· XADD -> XSUB,

· XSUB -> XADD,

· XMUL -> XDIV,

· XDIV -> XMUL,

where X is I (for integers), D (for doubles), L (for longs) or F (for floats)

b. Numeric literals replaced

All appearances of “0” number were replaced with “1”. All other byte numbers >=1 were replaced with 0. Note that this implies replacing boolean value false by true value and vice-versa. Therefore it is a very effective mutator (producing many mutants), as boolean values are very popular in any type of code.

On a bytecode level, this means changing:

· ICONST_0 -> ICONST_1

· ICONST_1 to ICONST_5 and BIPUSH x (where x is a byte number) -> ICONST_0

c. Equality and non-equality changes

Equality operators ( == ) were changed into non-equality operators ( != ) and vice-versa. This mutation was applied to both object and primitive value comparisons.

On a bytecode level, this means changing:

· IF_ICMPEQ -> IF_ICMPNE

· IF_ICMPNE -> IF_ICMPEQ

· IFNONNULL -> IFNULL

· IFNULL -> IFNONNULL

d. Null objects and zero number returned

In all methods returning numbers 0 was returned instead of the proper value. In all methods returning objects instead of the object, a null value was returned. In every object-oriented program this should be quite an effective mutation.

On a bytecode level, this means that for any of the codes ARETURN, IRETURN, DRETURN, FRETURN, LRETURN instead of one mnemonic we put a sequence:

· POP (the value that was to be returned is dropped)

· ACONST_NULL, ICONST_0, DCONST_0,FCONST_0, LCONST_0 (inserting 0 or null on stack)

· ARETURN, IRETURN, DRETURN, FRETURN, LRETURN (returning)

e. Relational operators changes

Relational operators were replaced as follows:

< by >=

<= by >

\> by <=

\>= by <

Note that this mutation may lead to code falling into an infinite loop.

On a bytecode level, this means changing:

· IF_ICMPLT -> IF_ICMPGE

· IF_ICMPLE -> IF_ICMPGT

· IF_ICMPGT -> IF_ICMPLE

· IF_ICMPGE -> IF_ICMPLT

As all aforementioned mutations were applied at bytecode-level, some of them were rather unreadable after decompiling – e.g.:

+    static Class class$java$lang$Long; /* synthetic field */
[ …]

-        if(((Object) (type)).equals(((Object) (Long.TYPE))) && (java.lang.Long.class).isInstance(value)) {
+       if(((Object) (type)).equals(((Object) (Long.TYPE))) && (class$java$lang$Long == null ? class$java$lang$Long : (class$java$lang$Long = _mthclass$("java.lang.Long"))).isInstance(value)) {
             return true;

However, on the whole we find applied mutations quite useful. Although they may seem trivial, they still leave many mutants alive which may be helpful in improving prepared test suite. For such a simple project as dbutils they are completely sufficient.

5. Evaluation for Jakarta Commons-DBUtils project

The results of running implemented mutators are presented in the following table:

Execution time of whole suite of mutators lasts 9 minutes 10 seconds.

ChangeSUB2ADDVisitor, ChangeDIV2MULVisitor and ChangeMUL2DIVVisitor do not produce any mutations, as mutated source does not contain any subtraction, division nor multiplication operators.

From the presented results we can see, that probably the most effective mutators are EqualityVisitor (implementing mutation c) and ZeroOneVisitor (implementing mutation b). They have the lowest scores (not including ChangeAdd2SUBVisitor, but it has only 4 mutations so it is not very representative). This means that they can indicate the weaknesses of tests and find carelessly designed and/or implemented parts of code.

Of course, as implemented mutations are applied at bytecode level and they are context-free, not all of them produce readable code. Therefore, for some of them it will be difficult to check if they meet all three required conditions: reachability, necessity and sufficiency.

After analysing not dead mutants we made the following observations:

- Inner class BasicRowProcessor$CaseInsensitiveHashMap is probably not well tested, as changes introduced by mutation b are not detected.

- Method “private boolean isCompatibleType(Object value, Class type)” in class BasicRowProcessor leaves many mutants alive. However, code produced by mutator c is difficult to read and it might happen that produced mutants are equivalent to proper code. On the other hand, other mutations (from mutators b and d) are also not dicovered by tests, so probably the method is not tested well.

- Other mutations on methods of BasicRowProcessor class show, that probably this class is generally lacking good tests

- Tests for classes DbUtils and QueryLoader do not detect invertion of equality operators

- Tests for QueryRunner do not detect changes introduced by most of mutators

- Other classes tests also fail to detect some of the introduced mutations, but it seems that the aforementioned 4 classes are the ones that lack tests the most.

Authors: Liliana Ziołek & Marcin Zduniak