Hubble’s Road to Open-Source Smart Contracts

Hubble’s developers, as well as the developers from nearly every Solana project right now, had to figure out/are figuring out how to make everything work by themselves. It’s safe to say that Solana devs are solving problems, creating workarounds, and chewing glass at a frontier of computer science.

Hubble Protocol is on track to become a fully decentralized autonomous organization (DAO). DAOs thrive on transparency, and that means a DAO’s decentralized applications (dApps) should run on open-source code, so everyone can see what’s happening under the hood.

Right now, however, Hubble is still building the foundations for a DAO to stand on, and this means we definitely can’t go fully open-source just yet. There are a lot of reasons we’ve made this decision, and we’d like to share them in this article.

Rest assured, opening all of Hubble’s code to the public is a goal we’re working towards, but it's going to be a well-thought-out process, and it’s going to take time.

Hubble Is a Young Protocol Building On a Young Network

Hubble is a very young organization operating in the nascent industry known as decentralized finance (DeFi). On top of that, the protocol we’re building also resides on a network, Solana, that is still in beta–we’re really early here on many fronts.

Solana is an incredibly powerful network with a throughput that bests every other blockchain by quite a margin, and it’s a new technology that requires a lot of “chewing glass” from its developer community. Nearly everyone building on Solana is attempting something new.

Other blockchain ecosystem developers can poach years of Solidity code from other Ethereum Virtual Machine (EVM) compatible projects. Due to the fact that Solana is not EVM compatible, sourcing code from well-established projects isn’t really possible these days.

Rust Adds a New Dimension to Writing Smart Contracts

Forking, or copying and pasting the code from other projects, is a tremendously popular route for developing EVM compatible DeFi smart contracts.

Some argue that recycling Solidity code that works (and hasn’t been exploited) helps spur development. On the other hand, it can be argued that sharing so much code can lead to system-wide points of failure should bad actors finally discover an exploit.

By choosing Rust, instead of Solidity, as the code of choice for its dApp smart contracts, Solana introduced a kind of “speed bump” that prevents copy-paste projects from proliferating on the network. Essentially, developers need to write original code from scratch.

Rust has been voted the most loved programming language for six years in a row, but writing Rust-powered smart contracts on a blockchain is relatively uncharted territory.

Some Pretty Good Reasons to Remain Closed-Source

Hubble’s developers, as well as the developers from nearly every Solana project right now, had to figure out/are figuring out how to make everything work by themselves. It’s safe to say that Solana devs are solving problems, creating workarounds, and chewing glass at a frontier of computer science.

Keeping this in mind, it would be counter-productive for a project to give away all of this ingenuity and hard work before establishing its own share of users.

We’ve learned from the past that vampire attacks can be a popular way to launch a DeFi project, and we’d rather avoid seeing the DeFi ecosystem on Solana developing in this way.

An ambitious team could, theoretically, copy all of Hubble’s code, create a new user interface, and launch farming rewards to suck away users from our protocol.

Most likely, this will happen as we move towards open-source. So, we’d like to have a little breathing room to build a solid community before it does!

Open-Source Security Wields a Double-Edged Sword

When your code is open-source, anyone can scrutinize it to the nth degree. Good actors (white hats) can alert a protocol to possible security issues in a smart contract and receive bug bounty rewards for their work, but bad actors (black hats) can wreak havoc just as well.

The Solana community recently witnessed the second largest exploit in DeFi perpetrated by a bad actor that targeted the Wormhole bridge’s open-source code. This was the first major exploit of a smart contract written in Rust, and it most certainly won’t be the last.

While Hubble’s smart contracts have been audited three times by reputable third parties such as Kudelski, Arcadia, and Smart State, there’s really no telling what could happen when open-source code is released in the wild. This is true for every single DeFi project, not just Hubble.

We definitely don’t want to “move fast and break things” when users trust our smart contracts with their assets, so making sure our code is airtight before opening it to public scrutiny is a major priority at Hubble.

We’re Looking Forward to Solana’s Open-Source Future

Hubble isn’t the only project on Solana that’s holding back on opening up its smart contracts. In fact, it looks like the majority of DeFi projects on Solana are also closed-source.

It’s incredibly exciting to imagine how much innovation is brewing in the Solana DeFi community right now. Each of Solana’s closed-source projects is chewing glass to the max, working independently on solutions to myriad problems without resorting to copycat coding.

We’re building something special at Hubble Protocol, and our dev team is dripping with blood, sweat, and tears making it happen. Soon, everyone will be able to see the work that was put into making Hubble happen from the backend, but we’re going to make sure that happens at the right time.

Keep in Touch

Website | Twitter | Telegram | Discord | Email

You've successfully subscribed to Hubble Blog
Great! Next, complete checkout to get full access to all premium content.
Error! Could not sign up. invalid link.
Welcome back! You've successfully signed in.
Error! Could not sign in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Error! Billing info update failed.