GG24 Sensemaking Report: DeFi Transparency and Decentralization Assessment

TL;DR: This sensemaking report proposes a Gitcoin GG24 domain, “DeFi Transparency & Decentralization Assessment” (or “DeFi Curation”), to fund open-source tools, standards, and education for evaluating DeFi protocol maturity and risks via quadratic/retroactive funding, sub-rounds, and expert involvement from DeFiScan, L2Beat, and more decentralization/cybersecurity researchers. It addresses the “decentralization illusion” in DeFi—where protocols claim decentralization but harbor hidden central risks like admin keys and unverified contracts.

Problem & Impact

The specific Ethereum problem we are addressing is the lack of a standardized, verifiable framework for assessing decentralization and maturity levels of DeFi protocols.

Many DeFi applications claim to be “decentralized,” but in reality, they often rely on centralized components such as admin keys, points of failure in governance, oracles, collaterals, or opaque smart contract implementations. This creates a “decentralization illusion,” where users believe they benefit from censorship-resistance and other decentralization advantages, but are actually exposed to hidden risks, such as centralized custody, unverified contracts, or a lack of protection against unwanted upgrades.

This issue is becoming increasingly important over time due to the explosive growth of DeFi on Ethereum and its ecosystems. As of August 2025, DeFi’s total value locked (TVL) has reached approximately $150 billion. Decentralized finance is experiencing significant growth and is a particularly innovative sector, but the decentralized aspect has been overlooked. This could be mitigated or avoided through proactive decentralization assessments, as these tools highlight hidden central points of centralization. For instance, protocols with upgradable contracts or oracle dependencies often fail visibility checks, contributing to billions in avoidable losses over time.

Most community members who are not here for speculation have similar concerns. Vitalik warned us in Cannes (and many times elsewhere) that Ethereum risks failure if decentralization becomes merely a catchphrase without concrete guarantees. KPMG also reports that DeFi’s “decentralization illusion” amplifies risks in areas like smart contract security, questioning the true extent of decentralization in many protocols.

Meaning Check: This matters deeply to users because it directly impacts their financial security and trust in the ecosystem. People lose funds in exploits, leading to real-world consequences like lost savings or halted innovation. Users aren’t just chasing yields; they seek reliable, verifiable systems where decentralization isn’t a marketing term but a protective mechanism against censorship and traditional finance flaws. Without it, participation in DeFi feels like gambling, deterring long-term adoption and contradicting Ethereum’s ethos of empowerment through transparency and censorship-resistance.

“Misnaming things is contributing to the world’s despair” – Albert Camus.

Sensemaking Analysis

The sensemaking process draws from diverse methodologies to differentiate genuinely decentralized DeFi protocols from those with hidden centralized permissions and dependencies.

Our main inspirations come from L2Beat’s methods for decentralization assessments about Layer 2s, Anticapture’s frameworks for capture-resistant governance, DeFi Safety’s protocol ratings, or Bluechip.org, which is a stablecoin rating agency. These inspirations led to the development of the DeFiScan methodology.

These assessments focus on key metrics collected via permission scanners, documentation dissection by researchers, chain explorers, and tools like Tenderly.

Data is aggregated via API pulls and dashboards, synthesized from reports/documentations, tweets, and blogs, and validated through GitHub and Discord feedback. Furthermore, DeFiScan’s framework and website are under MIT license, meaning this is an open-source tool that anyone can use and change.

Gitcoin’s Unique Role & Fundraising

DeFiScan uses a bounty system to encourage people to create protocol reviews. Those bounties can go from $1,000 to $2,000, considering that a long codebase, a large number of permissions, or a large number of external dependencies mean higher payouts.
This bounty system is mandatory because creating a protocol review can take several weeks and requires a high level of technical expertise. This is where Gitcoin plays a unique role.

Gitcoin funding would enable DeFiScan and other domain participants to create many more decentralization / transparency reviews and significantly improve DeFi coverage. In addition, since the launch of DeFiScan, we have received numerous suggestions for improving the framework, and Gitcoin would be a great place to peer-review it.

Gitcoin can uniquely help solve this problem by channeling decentralization-aligned participants to fund and operate open-source tools and frameworks like DeFiScan, L2Beat, Anticapture, and Bluechip dashboards and scanners, amplifying community-driven transparency initiatives under MIT licenses. This fosters verifiable assessments of centralization risks, proposes a community-based standard for what DeFi apps should try to be, and directly addresses the decentralization illusion.

Fundraising Reality Check: Yes, raising $50K+ for this domain is feasible, given DeFi’s scale and stakeholder interest.
DeFiScan has already raised over $100K since October 2024 from sponsors including the Ethereum Foundation, Octant, Giveth, Devcon, and various DeFi protocols, as evidenced by our Gitcoin, Octant, and Giveth campaigns. Likely additional sponsors include security firms, risk agencies, and protocols seeking audited transparency.

Success Measurement & Reflection

We assess success with various metrics:

  • % TVL Reviewed

  • Growth of TVL in highly decentralized protocols.

  • Number of Changes Made: Track 10+ protocol upgrades (e.g., reduced centralization risks, verified contracts, integrated standards in multisig, exit windows, and frontends).

  • Important accounts following/mentioning decentralization and transparency framework through social media, official reports, and GitHub contributions.

Our main goal is to cover 90% of DeFi’s total TVL by November 2025. Currently, more than 80% of total TVL is already reviewed, and some protocols have already been acted upon following our reviews. For example, Uniswap V3 on Arbitrum had three unverified contracts before the review, and two of them were verified after it was published.

Genuine impact will be measured according to the measures DeFi protocols are taking to improve their decentralization.

Satisfaction Test: The Ethereum community will be genuinely glad we funded this domain long-term if it leads to safer, more transparent DeFi standards, solidifying Ethereum as the financial layer of the internet.

Domain Information

Yes, we are proposing a domain for GG24:

“DeFi Transparency and Decentralization Assessment” or “DeFi Curation”

This domain will focus on funding projects that build verifiable tools for evaluating protocol maturity, risks, and decentralization stages.

Domain experts could include the DeFiScan team, L2Beat contributors, and security/decentralization researchers from EVM and cybersecurity ecosystems adhering to the scientific method, public good funding, and the open source attitude.

We pitch a mix of mechanisms: quadratic funding for broad community input, retroactive funding for proven impacts, and governance tokens to influence DAO programs targeting DeFi users.

We foresee multiple sub-rounds: one for assessment tools (e.g., dashboards, permission scanners, APIs); one for education and standards (e.g., framework updates, conference participation, integrations with academic/private curricula and DAO ecosystems like L2s and DeFi apps). This ensures funding what truly matters, aligning capital with meaning in a cyberpunk, public-good mindset.

Thanks for reading all this! We are eager to discuss this potential “DeFi curation” domain and set a standard with the Gitcoin community!


Draft Scorecard

2025/08/18 - Version 0.1.1

By Owocki

Prepared for MarcVlad re: “GG24 Sensemaking Report: DeFi Transparency and Decentralization Assessment”

(vibe-researched-and-written by an LLM using this prompt, iterated on, + edited for accuracy, quality and legibility by owocki himself.)

Proposal Comprehension

TITLE
GG24 Sensemaking Report: DeFi Transparency and Decentralization Assessment

AUTHOR
MarcVlad

URL
https://gov.gitcoin.co/t/gg24-sensemaking-report-defi-transparency-and-decentralization-assessment/22966

TLDR

You propose a GG24 domain focused on DeFi transparency and decentralization assessment (aka DeFi curation). The domain would fund open source tools, standards, and education that evaluate protocol maturity and centralization risk. Mechanisms include quadratic funding for broad input, retroactive funding for proven impact, and sub rounds for tools and for education. You expect collaboration with DeFiScan, L2Beat, security and decentralization researchers, and related initiatives. The intent is to chip away at the decentralization illusion in DeFi by making risks visible and incentivizing concrete improvements.

Proposers

Proposer
MarcVlad

Their credentials
Driving DeFiScan’s open source framework and bounties for protocol reviews. Claims prior fundraising from EF, Octant, Giveth, Devcon, and various DeFi protocols. Familiar with adjacent efforts like L2Beat, Anticapture, DeFi Safety, and Bluechip.

Domain Experts

Proposed experts
DeFiScan team, L2Beat contributors, EVM security and decentralization researchers, risk agencies.

Their credentials
Track records in public goods transparency tooling, security research, and protocol risk analysis. Not all named individuals appear to be confirmed yet in this thread, which matters for execution.

Problem

There is no common, verifiable framework to assess how decentralized a DeFi protocol really is. Marketing often overstates decentralization while admin keys, upgradeability, oracles, unverified contracts, or opaque governance hide central points of failure. Users and allocators lack an easy way to compare risk and maturity.

Solution

Fund open source assessment frameworks, scanners, dashboards, and documentation to surface decentralization risks and standards. Use bounties to scale rigorous protocol reviews. Run sub rounds for tool builders and for education and standards. Measure success by share of TVL reviewed, protocol changes prompted by reviews, and growth in usage of more decentralized options.

Risks

Execution risks
• Reviewer supply and rigor. Recruiting enough technically strong, conflict free reviewers and maintaining consistent methodology is hard, especially at scale.
• Conflicts of interest. If protocols fund reviews, you need clear COI policies and public disclosures.
• Method drift and disagreement. Aligning on definitions of “decentralized enough,” weighting of dimensions, and updating the framework as tech evolves will be contentious.
• Duplication and ecosystem fit. This must complement, not fragment, adjacent efforts from L2Beat, DeFi Safety, Bluechip, and security firms.
• Metrics integrity. “% TVL reviewed” and “TVL growth of highly decentralized protocols” can be confounded by market cycles, incentives, and chain migrations.
• Timeline. Meaningful protocol changes by October require already lined up targets, reviewers, and bounty ops.
• Legal and reputational friction. Negative findings can create pressure. You will need strong editorial independence and clear process.

Outside Funding

Yes. DeFiScan claims more than $100k raised since Oct 2024 from EF, Octant, Giveth, Devcon, and various protocols. Security firms and risk agencies are listed as likely sponsors. Clarity on which parts are committed versus prospective would strengthen the case.

Why Gitcoin?

Gitcoin can convene aligned contributors, distribute bounties at scale, and run plural mechanisms that reward both early signal and proven impact. The public goods ethos, community reach, and round ops make Gitcoin a uniquely good fit to steward an open, verifiable standard rather than a walled product.

Owocki's scorecard

No. | Criterion | Score (0-2) | Notes
1 | Problem Focus – Clearly frames a real problem (one that is a priority), avoids solutionism | 2 | Clear articulation of the decentralization illusion and user risk. Directly relevant to Ethereum’s credibility and safety.
2 | Credible, High leverage, Evidence-Based Approach – Solutions are high leverage and grounded in credible research | 1 | Builds on known frameworks and open methods. Bounties to scale reviews, plus standards and education. High leverage if executed rigorously. Might be trying to go too broad by proposing qf/retro/others at once.
3 | Domain Expertise – Proposal has active involvement from recognized experts | 1 | Strong ecosystem signals, but expert commitments are implied rather than confirmed by name in the thread. Locking named reviewers and advisors would earn a 2.
4 | Co-Funding – Has financial backing beyond just Gitcoin | 1 | Prior fundraising noted and plausible additional sponsors. Would benefit from explicit letters of intent or MOUs.
5 | Fit-for-Purpose Capital Allocation Method – Methodology matches the epistemology of the domain | 1 | QF plus retro is maybe too broad? Maybe just focus on one mechanism?
6 | Execution Readiness – Can deliver meaningful results by October | 1 | Bounties and reviews can start quickly, but “meaningful results” requires named collaborations, a review backlog, and process tooling ready now.
7 | Other – vibe check and anything missed | 2 | Open source, verifiability, and community standards are the right north star. The tone is collaborative and public good aligned. Ensure independence and rigor.

Score

Total Score: 9 / 14
Confidence in score: 75%

Feedback:

Major

• Confirm named expert partners and a reviewer pool with CVs, time commitments, COI disclosures, and pay bands. This is the difference between a good idea and reliable signal.
• Confirm outside funders.
• Narrow to one mechanism.

Minor

• Define a minimal, comparable “decentralization grade” per protocol plus a checklist that everyday users can grasp.
• Pre announce 5 to 10 target protocol reviews for September to prove pace and depth, then scale.
• Align with L2Beat, DeFi Safety, Bluechip to prevent duplication.

Steel man case for/against:

For

This targets a first order Ethereum priority: credible decentralization. Open assessments nudge protocols to remove central points of failure, improve contract verification, add exit windows, and harden governance. With Gitcoin’s mechanisms and DeFiScan’s momentum, the domain can produce verifiable public goods that compound over time.

Against

Assessment quality is fragile. Without named experts, strong COI policies, and a rigorous, transparent rubric, outputs risk becoming noise or capture. If adjacent efforts are not coordinated, we fragment attention and dilute signal. Metrics like “% TVL reviewed” can overstate safety and become a vanity target.

Rose / Bud / Thorn

Rose
Open source, verifiable assessments that push protocols to fix centralization risks. Strong alignment with Ethereum’s ethos and Gitcoin’s public goods mission.

Thorn
Rigor and neutrality are hard. Without locked in experts, COI rules, and a transparent rubric, outputs could be questioned or gamed. Coordination with existing orgs is essential to avoid duplicative reviews.

Bud
If you ship a credible rubric, shared data schema, and a cross org reviewer network, this could grow into the canonical decentralization standard that wallets, explorers, and treasuries rely on at allocation time.

Feedback

Did I miss anything or get anything wrong? Feel free to reply in the thread and I will iterate quickly.

Research Notes

I relied on the proposal thread for details about scope, mechanisms, experts, and funding. Open questions I would like to verify next:
• Which specific experts are committed and for how many reviews per month.
• Reviewer pipeline, training, and QA process, including second reviewer checks and appeals.
• COI policy when a protocol or its investors sponsor a review.
• Shared data formats with L2Beat, DeFi Safety, and Bluechip, and any formal coordination plan.
• Evidence behind the “80 percent TVL already reviewed” claim and examples of protocol changes prompted by reviews, with links to diffs and commits.
• A September to October milestone plan with 5 to 10 named protocol reviews, acceptance criteria, and budget per deliverable.

Welcome back @MarcVlad.

Evaluated using my steward scorecard — reviewed and iterated manually for clarity and alignment with GG24 criteria.


✅ Submission Compliance

  • Problem, sensemaking, domain info, fundraising, and metrics are all included
  • References active prior funding ($100K+ from EF, Octant, Giveth, Devcon, protocols)
  • Experts listed as “DeFiScan team, L2Beat, decentralization/security researchers” but not individually confirmed
  • Mechanisms (QF + retro) are listed but execution structure feels broad and under-specified
  • Verdict: Compliant but expert commitments + mechanism clarity are weak spots

📊 Scorecard Evaluation

Total Score: 9 / 16

Criteria | Score | Notes
Problem Clarity | 2 | Frames the “decentralization illusion” crisply; directly tied to Ethereum credibility and user safety
Sensemaking Approach | 1 | Builds on frameworks like L2Beat, DeFi Safety, Bluechip; but doesn’t show rigorous comparative synthesis or adoption plan
Gitcoin Fit | 2 | Strong fit — Gitcoin can convene bounties, plural mechanisms, and community standards
Fundraising Plan | 1 | Prior funding noted ($100K+), but GG24 round-specific anchors not yet committed
Capital Allocation Design | 1 | QF + retro + bounties is overbroad; could benefit from focusing on one fit-for-purpose mechanism
Domain Expertise | 1 | DeFiScan credible, but no confirmed independent reviewers/advisors named in-thread
Clarity & Completeness | 1 | Proposal is structured but risks “method drift” without clear rubric or reviewer pipeline
Gitcoin Support Required | 0 | Would require significant Gitcoin scaffolding: reviewer pool, COI rules, governance clarity

📌 Feedback for Improvement

Where I agree with Owocki:

  • Need named experts and reviewer commitments with bios, availability, and COI disclosures.
  • Outside funders should be confirmed with at least one LOI before launch.
  • Mechanism mix is overstuffed — narrowing to one (bounties with QF, or retro) would help with focus and credibility.

What I’d add:

  • Define a minimum viable rubric: e.g., checklist of contract verification, key management, governance openness, oracle dependencies.
  • Publish 5–10 named protocol reviews for October as early deliverables — “90% TVL reviewed” is aspirational but too fuzzy.
  • Consider partnering formally with L2Beat, Bluechip, DeFi Safety to avoid fragmentation — shared data schema + reviewer pool could make this the canonical standard.
  • Plan for legal/reputational pressure — protocols may push back if flagged as centralized; editorial independence matters.

🟡 Conditional Support

I would support this if:

  • At least 2–3 independent expert reviewers are confirmed with disclosed roles
  • One anchor co-funder signs on (security firm, EF, or major DeFi protocol)
  • October deliverables are locked (published reviews, rubric, public dashboard)

Without these, the risk is producing noise or duplicative work that doesn’t land as a credible Ethereum-wide standard. With them, this domain could become the reference framework for decentralization in DeFi, pushing protocols toward real neutrality and safety.