James
@theref
1/9 Mini-App Decentralisation Check: QR Coin

Today I'm looking at https://qrcoin.fun by @jake

If you haven’t seen it: it’s a daily auction where the winner decides where a permanent QR code points for 24h

This isn't an audit, just a decentralisation check. What’s onchain? What’s not? Where’s the trust?

2/10 The Good and the Bad

**Good:**
- Verified smart contract
- Onchain URL logic
- Public builder

**Tradeoffs:**
- Closed frontend
- Owner + whitelist control

Let’s dig in...

3/10 What's onchain, what's not

Onchain on Base:
- Auction logic: time extension, refunds, etc.
- Bids in USDC
- Winning URL is stored in contract state

Offchain:
- QR redirects
- Viewer rewards
- Whitelist of addresses that can settle the auction

4/10 What's under the hood?

Each bid includes a destination URL. When the auction ends, a whitelisted address (a “settler”) calls a function to:
- Set the winning URL onchain
- Start the next auction

This is all handled in a verified contract https://basescan.org/address/0x6207674cc6db2687308f1fb37df1c7b8990c199b

5/10 The onchain logic is solid, however...

- Only pre-approved (who??) addresses can settle
- The contract is upgradeable by a single owner
- No multisig, no DAO, no clear off-ramp from central control

So the mechanics are good, but control is centralized.

6/10 The frontend is a single point of failure

The QR points to a frontend that queries the contract + redirects users. But:
- It’s closed source (so I'm assuming some stuff)
- If it stops respecting the contract, the whole thing falls apart
- No insight into how rewards are distributed

7/10 Viewer incentives

Users are paid to scan and visit the daily winner’s link - and that attention is the core utility.

In my opinion, it doesn’t matter whether that reward flow is decentralized. It just has to happen. If this stops, the app dies.

So @jake's incentives are aligned with the users (for now).

8/10 Social capital and trust

@jake, the builder, is extremely public. Daily updates. Real skin in the game. Tons of social capital tied to it.

This is by no means a trustless system, but at least you know WHO you're trusting.

9/10 Suggestions

This is a great app, and the most important flow is fully decentralized. But as the project grows, risks grow too.

Suggestions (not required, just improvements):
- Open source the frontend
- Decentralise the settler role
- Consider ENS-based redirects https://docs.ens.domains/resolvers/writing
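
An added example, not part of the original thread or the QR Coin project: a read-only way to check the "upgradeable by a single owner, no multisig" point from 5/10 against any Base RPC endpoint. It assumes the contract is an EIP-1967 proxy that exposes `owner()` (the thread does not say which proxy pattern is used), and the sample responses are constructed, not read from the real contract.

```python
# EIP-1967 slots: keccak256("eip1967.proxy.implementation") - 1 and "...admin" - 1
IMPL_SLOT = "0x360894a13ba1a3210667c828492db98dca3e2076cc3735a920a3ca505d382bbc"
ADMIN_SLOT = "0xb53127684a568b3173ae13b1ea81a6bbb46e2a5d9c1de6d04a9ab5c7d1f2f103"
OWNER_CALL = "0x8da5cb5b"  # 4-byte selector of owner()
ZERO = "0x" + "0" * 40


def build_requests(contract):
    """JSON-RPC batch to POST to a Base RPC endpoint (all calls are read-only)."""
    def req(i, method, params):
        return {"jsonrpc": "2.0", "id": i, "method": method, "params": params}
    return [
        req(1, "eth_getStorageAt", [contract, IMPL_SLOT, "latest"]),
        req(2, "eth_getStorageAt", [contract, ADMIN_SLOT, "latest"]),
        req(3, "eth_call", [{"to": contract, "data": OWNER_CALL}, "latest"]),
    ]


def to_address(word):
    """Low 20 bytes of a 32-byte hex word; an empty result maps to the zero address."""
    return "0x" + word[2:].rjust(64, "0")[-40:].lower()


def assess(impl_word, admin_word, owner_word, owner_code):
    """owner_code is the eth_getCode result for the address returned by owner()."""
    impl, admin, owner = (to_address(w) for w in (impl_word, admin_word, owner_word))
    return {
        "eip1967_proxy": impl != ZERO,
        "implementation": impl if impl != ZERO else None,
        # None here means no separate proxy admin: the logic contract authorises upgrades
        "proxy_admin": admin if admin != ZERO else None,
        "owner": owner if owner != ZERO else None,
        # An address with no code is a single key (EOA), so not a multisig, timelock or DAO
        "owner_is_single_key": owner != ZERO and owner_code in ("0x", ""),
    }


# Constructed sample responses (hypothetical addresses)
SAMPLE = {
    "impl": "0x" + "00" * 12 + "aa" * 20,
    "admin": "0x" + "00" * 32,
    "owner": "0x" + "00" * 12 + "bb" * 20,
    "owner_code": "0x",
}

if __name__ == "__main__":
    print(assess(SAMPLE["impl"], SAMPLE["admin"], SAMPLE["owner"], SAMPLE["owner_code"]))
```

If `owner_is_single_key` comes back false, the owner is itself a contract, and the next step is to read that contract to see whether it is a multisig or timelock.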