Leveraging Web 3.0 Part 2: Digital Infrastructure and Potential Risks

By Nikolai Layne and Chelcee Brathwaite

In our first piece titled: Leveraging Web 3.0 to Boost Trade & Investment in the Orange Economy we explored how Web 3.0 developments like smart contracts, asset tokenization, and the metaverse can be leveraged in the orange economy. In this SRC Trading Thoughts, we examine practical tools and applications for navigating Web 3.0 and associated risks.

Key Tools & Applications for Navigating Web 3.0

  • Blockchain Based Domain

Blockchain domains are basically suites of smart contracts – software written on a public blockchain. These domains can work as a naming registry for crypto addresses, which makes the process of sending and receiving cryptocurrency easier and more secure than having a wallet address (a randomly generated set of numbers and letters used to send and receive digital assets) shown on a traditional website. “It is possible to build programs on top of the domain and run them like apps, inspect records and build software to interact with other applications” (Chen 2021). Blockchain domains are accessible to the general public and can be purchased online without renewal fees which differs to traditional domains.

  • Virtual Machine (VM)

A virtual machine is a program that functions like a computer system, with an operating system, memory for the storage of files and applications and the ability to host websites, run programs or even exist on a network with other systems. However, it is all done by code in a simulated environment with no physical identity which means that multiple virtual machines can coexist on a single server. In the Web 3.0 space VMs are recognised as sandboxes where code can run separately from the rest of the system. An example to provide some context is the Ethereum virtual machine which can be used to communicate with or execute smart contracts. Due to the decentralized nature of the Ethereum virtual machine, external systems can participate in the network (nodes) to verify transaction data and receive rewards for contributing to the ecosystem. Ethereum code is publicly available which means that anyone can build in the environment once they meet the requisite system requirements and have the appropriate digital skills.

  • MetaMask (Signer)

MetaMask has a dual function in the Web 3.0 ecosystem which must be clearly understood. First, the application acts as a cryptocurrency wallet where users receive a key vault, token wallet, secure login and access to a token exchange. Additionally, it provides a gateway to the new web which enables user access to the core Ethereum network so they can interact with all Ethereum based decentralized applications (dApps) more easily. MetaMask provides a secure means of using multiple dApps whilst browsing which is beneficial to users interested in full control of their own data. MetaMask is free to download as both a mobile application and desktop application or browser extension.

  • Public Key Infrastructure (PKI)

PKI technology serves as an important privacy function in the Web 3.0 space because it governs the issuance of digital certificates to protect sensitive data, provide unique digital identities for users, devices and applications and secure end-to-end communications. This technology acts as a trust liaison for parties to securely exchange information. In a practical sense the use of digital certificates, public keys and private keys are core to this technology. When information needs to be shared or transferred between users an encrypted file known as a certificate is secured by a public key and sent off by the owner. Each public key has an associated private key that is under the owner’s control and can be shared with any party privy to the transaction. The private key can be used to sign and unlock the content in the certificate.

  • Indexing Protocol

An index is a data structure that is built to filter or locate relevant data needed to develop dApps on the blockchain. Since the blockchain has lots of data stored in blocks with a linear history, an index is useful for locating necessary information without having to go through each piece of data in each block. A good example is the Graph which is a decentralized off-chain indexing protocol that makes it easy to query different networks that store data on the blockchain. It provides an efficient means of retrieving data that contributes to the creation of fully decentralized applications.

  • InterPlanetary File System (IPFS)

IPFS is a protocol designed to make the web upgradeable, resilient and more open. It is a file distribution system and storage facility for all data from apps built on the blockchain and transfers information quickly across many platforms. IPFS allows users to host and receive content in a decentralized manner via peer-to-peer file sharing. This means that user-operators hold a portion of the overall data which creates a strong system of file storage and sharing”

Overall, Web 3.0 has an evolving tech stack currently comprising network, protocol, development, and user interface layers, which require an advanced spectrum of digital skills across areas like “smart contract development (through programming languages like solidity); front end web development (using web3.js, EthersJS, etc.); development environment (with tools like Remix IDE and Ethereum Virtual Machine); community management; and Web3 specific content (like NFTs)” (Agarwal 2022).

Associated Risks

Sources of risks must be understood in this new digital environment so that mitigating controls can be implemented  to reduce/eliminate vulnerabilities that can potentially compromise the entire network. Risk in this context is defined as any foreseen or unforeseen event that causes financial loss, invasion of privacy or stolen identity.

Cybersecurity Risk

Since the blockchain is an open distributed ledger, all information will be accessible in real time and moving rapidly across multiple platforms. Web 3.0 has generated a unique class of cyberthreats due to its decentralized nature. “While data and services reduce single points of attack, they have the potential to expose data to a broader set of risks” (Groopman 2022). Bad actors (with criminal intent) may seek to attack the network by a series of smart logic hacks which are used to exploit a wide range of functions and services, such as interoperability, crypto-loan services, project governance and wallet functionality. Another example is ice phishing where attackers maliciously convince users to sign a transaction which allows them to access and move assets to other parties. If history is any indication, there are several examples of data theft in other iterations of the Web that affected many individuals. Therefore, highly sophisticated security is necessary to support the architectural build of different platforms which seek to function in the Web 3.0 environment.

Custodial Risk

No central control authority exists in a decentralized blockchain technology system. This means that each user needs to understand their respective role, the associated tasks and responsibilities, and the associated risks. Responsibility is placed on the user to manage their private keys which provide them access to their digital tokens in a Web 3.0 environment. If the user loses their private key, they will not be able to regain access to their holdings at a central authority or request a new one. It is only possible to restore a private key if a suitable backup solution is in place” (PwC 2022). The management and storage of private keys will be critical since it provides proof-of-ownership for these assets which must be held in a digital wallet. Here, administration and adequate record keeping of multiple keys are necessary by all parties participating in the Web 3.0 environment.

Censorship-Resistance Risk

In a decentralized environment censorship resistance ensures that anyone can transact within a Web 3.0 environment once they follow the network protocol rules. Actors are also prevented from altering transactions on the blockchain. An archetypal way of thinking about an environment where ideas, communication, images and other material cannot be suppressed does open the platform to systematic desensitization in areas such as morality and values which will differ when adoption increases. Therefore, responsibility is placed on contributors to the network to build out the appropriate protocol rules prohibiting harmful and inappropriate content.

Regulatory Risk

The infancy of a fully decentralized Web environment presents some concern amongst regulators as they seek to understand the inherent risks and vulnerabilities that can severely impact participants. Different approaches have been taken in many jurisdictions to clearly define a core set of rules and principles necessary for market actors which utilize these emerging technologies to offer unique goods and services. Other regulators have tried to ban decentralized activities and designate certain users with rights to operate in the environment. However, it is evident that there are differing views in determining the appropriate supervisory actions necessary for mitigating risks and protecting consumers. This situation is exacerbated by the knowledge gap regarding how these technologies function and their classification, which presents a challenge for many regulators who are responsible for determining the appropriate framework or legislation necessary to aid in promoting beneficial aspects of Web 3.0, whilst curtailing various forms of risk.

Concluding Thoughts

As Web 3.0 continues to develop, it is important that the region advances regulatory and policy dialogue to shape the region’s inclusive, safe and sustainable participation in the digital economy.

Mr. Nikolai Layne is a Financial Strategist at Laissez Faire Associates and Mrs. Chelcee Brathwaite is a Trade Researcher at the Shridath Ramphal Centre for International Trade Law, Policy and Services, of the University of the West Indies’ Cave Hill Campus (Barbados).