James
@theref
1/9 Mini-App Decentralisation Check: QR Coin

Today I'm looking at https://qrcoin.fun by @jake

If you haven’t seen it: it’s a daily auction where the winner decides where a permanent QR code points for 24h

This isn't an audit, just a decentralisation check. What’s onchain? What’s not? Where’s the trust?
2/10 The Good and the Bad

**Good:**
- Verified smart contract
- Onchain URL logic
- Public builder

**Tradeoffs:**
- Closed frontend
- Owner + whitelist control

Let’s dig in...
3/10 What's onchain, what's not

Onchain on Base:
- Auction logic: time extension, refunds, etc.
- Bids in USDC
- Winning URL is stored in contract state

Offchain:
- QR redirects
- Viewer rewards
- Whitelist of addresses that can settle the auction
4/10 What's under the hood?

Each bid includes a destination URL. When the auction ends, a whitelisted address (a “settler”) calls a function to:
- Set the winning URL onchain
- Start the next auction

This is all handled in a verified contract https://basescan.org/address/0x6207674cc6db2687308f1fb37df1c7b8990c199b
5/10 The onchain logic is solid, however...

– Only pre-approved (who??) addresses can settle
– The contract is upgradeable by a single owner
– No multisig, no DAO, no clear off-ramp from central control

So the mechanics are good, but control is centralized.
6/10 The frontend is a single point of failure

The QR points to a frontend that queries the contract + redirects users. But:
– It’s closed source (so I'm assuming some stuff)
– If it stops respecting the contract, the whole thing falls apart
– No insight into how rewards are distributed
7/10 Viewer incentives

Users are paid to scan and visit the daily winner’s link - and that attention is the core utility.

In my opinion, it doesn’t matter whether that reward flow is decentralized. It just has to happen. If this stops, the app dies.

So @jake 's incentives are aligned with the users (for now).
8/10 Social capital and trust

@jake, the builder, is extremely public. Daily updates. Real skin in the game. Tons of social capital tied to it.

This is by no means a trustless system, but at least you know WHO you're trusting.
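The "upgradeable by a single owner, no multisig" finding in 5/10 can be re-checked from chain state alone. The sketch below is an added example, not part of the thread and not the project's code. It assumes the contract uses the standard EIP-1967 proxy slots and an Ownable-style `owner()` (the thread does not say which proxy pattern is used), and it runs against a constructed in-memory state instead of a live Base node.

```python
# Added example (not the project's code). Standard EIP-1967 slots and Ownable's owner().
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b9f8a6016e243e63b6e8ee1178d6a717850b5d6103"
OWNER_SELECTOR = "0x8da5cb5b"  # owner(); assumes the contract follows the Ownable pattern

def _addr(word):
    """Low 20 bytes of a 32-byte hex word as an address; None if zero or empty."""
    h = (word or "0x")[2:].rjust(64, "0")[-40:]
    return None if int(h, 16) == 0 else "0x" + h

def control_report(rpc, target):
    """rpc(method, params) -> result string; any JSON-RPC transport can back it."""
    impl = _addr(rpc("eth_getStorageAt", [target, IMPL_SLOT, "latest"]))
    admin = _addr(rpc("eth_getStorageAt", [target, ADMIN_SLOT, "latest"]))
    try:
        owner = _addr(rpc("eth_call", [{"to": target, "data": OWNER_SELECTOR}, "latest"]))
    except Exception:  # call reverted: no owner() exposed
        owner = None
    controllers = {}
    for role, addr in (("proxy_admin", admin), ("owner", owner)):
        if addr:
            code = rpc("eth_getCode", [addr, "latest"])
            # "contract" may be a multisig or timelock but needs its own review;
            # "EOA" means a single private key holds the role.
            kind = "contract" if len(code) > 2 else "EOA"
            controllers[role] = {"address": addr, "kind": kind}
    single_key = impl is not None and any(c["kind"] == "EOA" for c in controllers.values())
    return {"upgradeable": impl is not None, "implementation": impl,
            "controllers": controllers, "single_key_risk": single_key}

def fake_rpc(state):
    """Offline stand-in for a node, backed by a constructed state dict."""
    def rpc(method, params):
        if method == "eth_getStorageAt":
            return state["storage"].get(params[1], "0x" + "00" * 32)
        if method == "eth_call":
            return state["owner_word"]
        if method == "eth_getCode":
            return state["code"].get(params[0], "0x")
        raise ValueError(method)
    return rpc

# Constructed sample: a proxy whose owner() is a plain key-controlled account.
PAD = "0x" + "00" * 12
SAMPLE = {"storage": {IMPL_SLOT: PAD + "22" * 20}, "owner_word": PAD + "33" * 20,
          "code": {"0x" + "22" * 20: "0x6080"}}

if __name__ == "__main__":
    print(control_report(fake_rpc(SAMPLE), "0x" + "11" * 20))
```

To run it against the real contract, pass an `rpc` callable that posts to a Base JSON-RPC endpoint. The offchain settler whitelist and the closed frontend from 3/10 and 6/10 are outside what this check can see.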