TL;DR: This sensemaking report proposes a Gitcoin GG24 domain, "DeFi Transparency & Decentralization Assessment" (or "DeFi Curation"), to fund open-source tools, standards, and education for evaluating DeFi protocol maturity and risks via quadratic/retroactive funding, sub-rounds, and expert involvement from DeFiScan, L2Beat, and more decentralization/cybersecurity researchers. It addresses the "decentralization illusion" in DeFi, where protocols claim decentralization but harbor hidden central risks like admin keys and unverified contracts.
Problem & Impact
The specific Ethereum problem we are addressing is the lack of a standardized, verifiable framework for assessing decentralization and maturity levels of DeFi protocols.
Many DeFi applications claim to be "decentralized," but in reality, they often rely on centralized components such as admin keys, points of failure in governance, oracles, collaterals, or opaque smart contract implementations. This creates a "decentralization illusion," where users believe they benefit from censorship-resistance and other decentralization advantages, but are actually exposed to hidden risks, such as centralized custody, unverified contracts, or a lack of protection against unwanted upgrades.
This issue is becoming increasingly important over time due to the explosive growth of DeFi on Ethereum and its ecosystems. As of August 2025, DeFi's total value locked (TVL) has reached approximately $150 billion. Decentralized finance is experiencing significant growth and is a particularly innovative sector, but the decentralized aspect has been overlooked. This could be mitigated or avoided through proactive decentralization assessments, as these tools highlight hidden points of centralization. For instance, protocols with upgradable contracts or oracle dependencies often fail visibility checks, contributing to billions in avoidable losses over time.
Most community members who are not here for speculation have similar concerns. Vitalik warned us in Cannes (and many times elsewhere) that Ethereum risks failure if decentralization becomes merely a catchphrase without concrete guarantees. KPMG also reports that DeFi's "decentralization illusion" amplifies risks in areas like smart contract security, questioning the true extent of decentralization in many protocols.
Meaning Check: This matters deeply to users because it directly impacts their financial security and trust in the ecosystem. People lose funds in exploits, leading to real-world consequences like lost savings or halted innovation. Users aren't just chasing yields; they seek reliable, verifiable systems where decentralization isn't a marketing term but a protective mechanism against censorship and traditional finance flaws. Without it, participation in DeFi feels like gambling, deterring long-term adoption and contradicting Ethereum's ethos of empowerment through transparency and censorship-resistance.
"Misnaming things is contributing to the world's despair" - Albert Camus.
Sensemaking Analysis
The sensemaking process draws from diverse methodologies to differentiate genuinely decentralized DeFi protocols from those with hidden centralized permissions and dependencies.
Our main inspirations come from L2Beat's methods for decentralization assessments about Layer 2s, Anticapture's frameworks for capture-resistant governance, DeFi Safety's protocol ratings, or Bluechip.org, which is a stablecoin rating agency. These inspirations led to the development of the DeFiScan methodology.
These assessments focus on key metrics collected via permission scanners, documentation dissection by researchers, chain explorers, and tools like Tenderly.
Data is aggregated via API pulls and dashboards, synthesized from reports/documentation, tweets, and blogs, and validated through GitHub and Discord feedback. Furthermore, DeFiScan's framework and website are under MIT license, meaning this is an open-source tool that anyone can use and change.
Gitcoin's Unique Role & Fundraising
DeFiScan uses a bounty system to encourage people to create protocol reviews. Those bounties can go from $1,000 to $2,000, considering that a long codebase, a large number of permissions, or a large number of external dependencies mean higher payouts.
This bounty system is mandatory because creating a protocol review can take several weeks and requires a high level of technical expertise. This is where Gitcoin plays a unique role.
Gitcoin funding would enable DeFiScan and other domain participants to create many more decentralization / transparency reviews and significantly improve DeFi coverage. In addition, since the launch of DeFiScan, we have received numerous suggestions for improving the framework, and Gitcoin would be a great place to peer-review it.
Gitcoin can uniquely help solve this problem by channeling decentralization-aligned participants to fund and operate open-source tools and frameworks like DeFiScan, L2Beat, Anticapture, and Bluechip dashboards and scanners, amplifying community-driven transparency initiatives under MIT licenses. This fosters verifiable assessments of centralization risks, proposes a community-based standard for what DeFi apps should try to be, and directly addresses the decentralization illusion.
Fundraising Reality Check: Yes, raising $50K+ for this domain is feasible, given DeFi's scale and stakeholder interest.
DeFiScan has already raised over $100K since October 2024 from sponsors including the Ethereum Foundation, Octant, Giveth, Devcon, and various DeFi protocols, as evidenced by our Gitcoin, Octant, and Giveth campaigns. Likely additional sponsors include security firms, risk agencies, and protocols seeking audited transparency.
Success Measurement & Reflection
We assess success with various metrics:
- % TVL Reviewed
- Growth of TVL in highly decentralized protocols.
- Number of Changes Made: Track 10+ protocol upgrades (e.g., reduced centralization risks, verified contracts, integrated standards in multisig, exit windows, and frontends).
- Important accounts following/mentioning decentralization and transparency framework through social media, official reports, and GitHub contributions.
Our main goal is to cover 90% of DeFi's total TVL by November 2025. Currently, more than 80% of total TVL is already reviewed, and some protocols have already been acted upon following our reviews. For example, Uniswap V3 on Arbitrum had three unverified contracts before the review, and two of them were verified after it was published.
Genuine impact will be measured according to the measures DeFi protocols are taking to improve their decentralization.
Satisfaction Test: The Ethereum community will be genuinely glad we funded this domain long-term if it leads to safer, more transparent DeFi standards, solidifying Ethereum as the financial layer of the internet.
Domain Information
Yes, we are proposing a domain for GG24:
"DeFi Transparency and Decentralization Assessment" or "DeFi Curation"
This domain will focus on funding projects that build verifiable tools for evaluating protocol maturity, risks, and decentralization stages.
Domain experts could include the DeFiScan team, L2Beat contributors, and security/decentralization researchers from EVM and cybersecurity ecosystems adhering to the scientific method, public good funding, and the open source attitude.
We pitch a mix of mechanisms: quadratic funding for broad community input, retroactive funding for proven impacts, and governance tokens to influence DAO programs targeting DeFi users.
We foresee multiple sub-rounds: one for assessment tools (e.g., dashboards, permission scanners, APIs); one for education and standards (e.g., framework updates, conference participation, integrations with academic/private curricula and DAO ecosystems like L2s and DeFi apps). This ensures funding what truly matters, aligning capital with meaning in a cyberpunk, public-good mindset.
Thanks for reading all this! We are eager to discuss this potential "DeFi curation" domain and set a standard with the Gitcoin community!