Proposal: Community standards for projects deploying on Nervos

Dear all

This is an open discussion about how to help the community apply better due diligence when researching projects that are deploying on Nervos, and how the community itself can create social pressure to encourage good practices from these projects.

To introduce myself, I am a content creator in the Nervos community and am involved with the Nervos Nation community project.

Background

Nervos is a public, permissionless platform. This makes it a public resource that anyone can make use of, and anyone is free to build on it.

This has many benefits but also carries risk. In the crypto sphere, there are countless projects that fall short of their desired aims. In some unfortunate cases, this is due to bad actors, or good actors who are incompetent. The result is lost funds, broken trust, and a demoralised community. In most jurisdictions, laws and regulations are present that can offer some protection for investors. Furthermore, if a business becomes bankrupt, then this is publicly known and and there is some level of accountability.

In web3, we are on the other side of that spectrum. Anonymous teams have virtually no consequences of going bankrupt, failing, rug pulling - in fact they can rinse and repeat somewhere else. With the decentralised aspiration of web3, it is more important for the community to practice due diligence and “self protection.” Furthermore, the community should express what it expects as a minimum standard from projects that seek community support and investment. I would go as far as to say that in web3, community is everything.

Due to various factors, some projects on Nervos have had to cease operations. This is the risk that any startup faces, as well as the investors who choose to support it. The problem however arises where projects seek community investment and support, but then fail to deliver any working product, and are then unable or unwilling to return money to investors.

Case study: Poker Pepes

I’m highlighting this as a very recent example on Nervos. This was intended to be a crosschain poker / casino platform on L1. Supporters could buy NFT Pepes that would be used on the platform to avoid fees, and if enough were accrued, could actually receive a portion of the transaction fees earned on the platform. Although the founder provided his first name, he was essentially anonymous.

They recently announced that they could not continue because, as they explained to me in private, they spent money paid by the community on paying back other loans and trying to build the platform itself. Furthermore they could only return a small fraction of the money they received from investors. As an added twist, it also became apparent that the project created many fake social media accounts and personas in order to create hype and lure in investors. These points have caused a great deal of anger in the Nervos community.

In the wider context of the bear market, and other projects having collapsed (DarumaDAO) or underperformed (Stablekoi and others), episodes like this do damage to community members’ confidence in Nervos even though the differentiating line between Nervos and the projects that build on it is clear.

We have a Twitter spaces in a few days so the community can discuss the difficulties with Pepes and other projects.

Proposal

I believe the best way forward is to:

  1. Better educate the community about being more discerning about supporting projects. The ecosystem is still small, community members want to support everything that is coming to Nervos as a means of supporting Nervos’ growth. But it’s clear this is not feasible.

  2. Develop a consensus in the community about some bare minimum standards we expect projects building on Nervos to follow, if they desire our support and investment. Three standards that I propose for discussion are:

  • Be doxxed. This doesn’t eliminate the risk of bad actors, but it creates a greater sense of accountability. There is a heavier trust element in anonymous projects that they won’t just disappear with funds when conditions become difficult, or say that they have less than what they really have. There are exceptional circumstances (such as personal safety in harsh jurisdictions), however these people should then at least be vouched for by an independent party.

  • Evidence of competency to achieve what is promised. This is linked to being doxxed; it should be known that the project or team has the experience or competency to match their aspirations. In the case of the Poker Pepes situation, the team heavily overstated their credentials and contacts to convince investors of their competency.

  • (Optional) Audit. I added this one for discussion because audits don’t guarantee against hacks. But they can provide reassurance against malicious code that could become the basis of a ‘rug pull.’ I think obtaining an audit for a small startup could be prohibitive in terms of time and cost, so the other 2 points above help to offset this suggestion.

I think having such expectations clearly expressed by the community will create a social pressure on projects to raise their standards, as such standards themselves are not enforceable. This in the long term will improve the quality of projects in the Nervos ecosystem as well as overall community sentiment.

6 Likes

Thanks for putting this out there Neon :+1:
imo many in the community (including me) are very supportive of anything built on Nervos, simply because it is built on Nervos - it takes quite a lot of effort and knowledge to appreciate Nervos despite the price and slow eco growth, so we transfer that assumption of diligence and knowledge onto the teamy ‘choosing’ Nervos.

In reality many are simply trying their hand at a fresh ecosystem in hopes for a grant or a first-mover position.

I’m not a fan of doxxing - very much would favor audits and fairly in depth AMAs with for example NervosNation or local communities where the tough questions are asked and answered.

3 Likes

Hi everyone. I appreciate the conversation happening here. Internally at the Nervos Foundation and at Build Club, these kinds of things have always been a topic of debate as well. Especially because there is no easy solution or one size fit all approach.

Ultimately, Godwoken is a permissionless blockchain by design, so the foundation itself has little control over who deploys.

However, I can share a little bit of our thinking at Build Club, which I am still involved in. We are putting together some rules and requirements for projects going through the system. Specifically, those which are defi in nature (as they typically are higher risk).

One of those requirements is for defi teams to be either public or to do a builders KYC process. Currently, we are aware of two such projects that offer this service at a somewhat rigorous level. That being AssureDefi and Certik. We are always on the lookout for more.

You may have seen that Brainiac Finance recently went through the process and some other projects are doing the same.

Other requirements will include transparency if it’s a clone project (which is not necessarily a bad thing), active social media, etc. As our rules and process are more set, we will publish them for everyone to understand better. Brainiac Finance kindly agreed to work through it with us. Again, this is Build Club, and not Godwoken as a whole.

Another tool that we were waiting to hit the mainnet is Sourcify, which allows for contract verification. (Builders can upload their contracts and verify that its the same as what is on chain). Thankfully the Sourcify team just merged our request this week. This means the public can be sure of the code. While I understand not everyone will be able to understand this code to DYOR, it adds another level of ‘verification’ to the process.

At the end of the day, these things will assist in projects being more transparent, but cannot guarantee anything. Sometimes projects will legitimately still run out of funds (or claim they do), be badly managed, rug or have security issues. I will always encourage the community to DYOR. We are still in the wild wild west phase of blockchain.

As mentioned at the top, I appreciate the conversation and figuring out realistic plans that we can implement together.

4 Likes