BOS: The Universal Access Layer to the Blockchain
A collaborative research initiative by CMT Group and Proximity Labs
Author: Aryan Sheikhalian
Founded in 2015, CMT Digital is a leading global blockchain and Web3 venture capital firm focused on early-stage investments that accelerate the adoption of blockchain technology. We back outlier founders using blockchain technology to usher in a new era of the internet and disrupt large, global markets. This research piece collaborates with Proximity Labs, a NEAR-focused research and development firm, to elaborate on our thesis on NEAR and how the BOS intends to fill the missing blockchain layer: the user/interface layer.
Numerous Blockchains Coexist in the Current Landscape. Which One Is Right for You?
Given the existence of multiple blockchains with varying design choices, it can be a daunting task for new dApp entrants to decide which stack they want to use or build their project on.
In a nutshell, blockchains are simply execution environments for any application looking to provide a function to users. Given the variety of mechanism design choices made by various blockchains (developer tooling, smart contract language, access to liquidity, etc.), certain chains are more suitable for specific types of applications than others. For example, let us compare the tradeoffs when choosing between an optimistic rollup (Optimism or Arbitrum) and a Zero-Knowledge rollup (zkSync).
*This refers to EVM equivalency vs compatibility. See article here for explainer
These design differences provide certain tradeoffs that make each environment more or less suited to a particular type of application. For example, a DeFi protocol would probably be better positioned on a ZK Rollup due to its fast finality and need for strong cryptographic guarantees of security, whereas a social application may be better suited to an optimistic rollup, due to the ease of development.
The Problem of Blockchain Fragmentation
The blockchain landscape is rife with fragmentation, from liquidity splits and virtual machine incompatibilities to varied communication protocols due to the intense competition for widespread adoption. Each chain aspires to lure developers to craft applications that resonate with the most number of users and thereby emerge as the principal ledger. To illustrate, just within the Ethereum ecosystem, there are 32 Layer 2s (L2s) currently live with 21 more upcoming, all under the mission to scale Ethereum. Tech-wise, these 50+ L2s may deploy Optimistic or ZK proofs if they are rollups, or use stacks from StarkEx, Polygon, and zkSync. In terms of capital, a total of $15B in value is spread out across these chains.
(Source: L2BEAT)
Despite the siloing of capital, frictions faced by users and investors, and the additional effort required from developers to navigate new stacks, the resulting diversity could nonetheless be beneficial in terms of security and catering to the needs of different audiences. Therefore, the solution might not center around reducing the number of blockchains, but around creating a virtual environment that abstracts away the complexities of this world for the average user and offers a seamless user experience.
Blockchain Interfacing, As We Know It.
Fragmented UX
Let’s imagine a user who wants to interact with DeFi. Today, they would have to (1) select a specific blockchain to use, which might be imposed by the desired dApp, (2) create a wallet with a seed phrase that needs to be carefully stored, and maybe even a hard wallet, (3) move funds from their bank using an on-ramp app or via CEXs, (4) interact with the different dApps signing and executing transactions, and (5) maybe even move assets across different chains, making sure they get the correct RPC and other setups.
To add to this onboarding hassle imposed by the current wallet UX, discoverability is another issue plaguing blockchain interfacing. The competitive blockchain landscape is overwhelmed with new protocols and the dozens of dApps that are born on top of them. Today, there are 200+ chains, 3000+ DeFi protocols, and nearly 9000 cryptocurrencies. However, the current Web3 UX is that the burden of discovery and research lies on the user. There are certainly ecosystem directories or information dashboards that aggregate data across chains such as DeFiLlama or DappRadar, but there is no “App Store” or “Netflix”-equivalent that enables streamlined discovery and access.
Lifecycle of blockchain interaction by a user
What this means is that the current blockchain interaction is complex and still far from Web2 applications where you log in with your email and a password across all platforms, and the burden of security and discovery is not solely on the individual. Although most blockchain users will be familiar with all of this, we cannot expect less tech-savvy users to select the correct execution client or sign every transaction, as correctly deciphering these interfaces requires deeper technical understanding.
Security Concerns
To add to this onboarding friction that the user experiences, they currently face a minefield of malicious contracts that even experienced crypto “natives” struggle to avoid. For this article, we will break up hacks into two main categories: 1. blockchain code exploits, and 2. frontend exploits.
1. Blockchain code exploits occur when there is a fault in the logic of a smart contract that allows someone interacting with the contract to interact in a way other than the developer of that contract intended them to. An example would be a contract that allows a user to “re-enter” the contract before it has been executed, resulting in a reentrancy attack. For a more detailed explanation of reentrancy attacks, see this overview and X thread.
2. Frontend exploits occur when a user interacts with a contract other than the one with which they were aiming to interact. A common attack vector for hackers is the creation of a spoofed website, that looks identical to the one that a user is expecting to interact with, but on interaction will execute a different contract. If the user was expecting to conduct a swap between ETH and Aurora on Uniswap but conducted it on a spoofed website they thought was Uniswap, they could fall victim to this attack. This contract, instead of swapping from ETH to Aurora, could drain the user’s wallet of the ETH to which the interaction gave the contract access.
While methods for crypto exploits are diverse, recent frontend exploits of prominent DeFi protocols call attention to how vulnerable frontends can be.
(Source: Balancer)
(Source: CoinTelegraph)
The core issue is that while blockchains and smart contracts are decentralized and transparent, centralized web servers are not. Almost all interactions with decentralized protocols are done by interfacing with a centralized frontend website. The website may tell you it is executing a certain smart contract, but the actual logic is hidden behind private elements of the code. This allows the hacker to obfuscate their true intentions until the very last minute, when it is often too late to prevent. Can we really say that something is decentralized if it requires interfacing with a centralized server?
BOS: A Universal Access Layer
The BOS, or the Blockchain Operating System, is a new paradigm of blockchain interaction that completely abstracts away blockchain execution for the end user. This can be thought of as a new layer: the user layer, or the interface layer.
The four layers of NEAR’s modular tech offerings. Source: Modular and Monolithic
What would an ideal user layer look like? If we consider the fragmentation that currently exists, then the interface layer would best improve the usability of blockchain technology by being an aggregator of interactions so that for the end user the diversity and the complexities of the blockchain are abstracted away. In practice, this means aggregating virtual machine support and enabling the use of a variety of communication protocols to enable the user to interact with any application, across any blockchain, without having to control the native account directly, all within a unified interface.
Illustration of deployment of smart contracts on the Ethereum chain, and frontend code on the NEAR blockchain, both interacting seamlessly (Source: ETHGlobal Waterloo BOS Workshop)
Dap Dap, an upcoming BOS platform for L2s, demonstrates the power of BOS for user-level abstraction. In this example, Dap Dap offers a one-stop experience for DeFi on Polygon zkEVM from bridging to lending by aggregating BOS components of the top dapps into a unified interface.
In addition to the improvement in efficiency, the BOS provides a meaningful way by which we can protect user bases against security threats: decentralized frontends. When using the BOS one does not need to worry whether they are on a legitimate frontend, or whether they will be taken to the contract they expect. Not only will users always be able to check that they are on the correct gateway, but they can also verify the source code of the frontend components that make up the page because all BOS frontend code is on-chain and open-source. The BOS enables decentralized frontends to execute transactions on a decentralized backend, finally making the entire Web3 user journey truly permissionless.
Illustration of how the user discovery and interacts with the different dApps after discovering them through a specific gateway (Source: ETHGlobal Waterloo BOS Workshop)
What Becomes Possible with the BOS?
Frontend Verification
In blockchain, smart contract testing and audits are crucial for ensuring protocol reliability and user trust. However, there’s often a lack of a verification mechanism for the frontend UI, leaving users vulnerable to attacks mimicking legitimate designs. The BOS, through decentralized hosting and component-based design, enables frontend page verification. A component on the BOS could in the future confirm that UI elements correctly interact with expected smart contracts, enhancing security at the interaction level made theoretically feasible with zero-knowledge proofs. This approach extends security from transaction signatures to the frontend.
For example, the source code for this decentralized Lido frontend component is viewable on near.org, along with the 15K+ components currently live on the BOS.
Decentralization and Censorship Resistance
The benefit of fully on-chain frontend code lies not only in its ability to resist frontend hacks, but also in decentralization. Firstly, the BOS allows for true decentralization of apps by decentralizing the frontend as well as the backend. Secondly, the decentralization on the frontend level means BOS applications are more censorship-resistant, as the code is fully on-chain and cannot be meddled with by an external party. The only caveat in this regard is that, if the BOS components have to be accessed via website-hosted gateways, such gateways are hosted by third parties and may rely on centralized servers. That said, BOS components can also be accessed locally via downloadable Tauri app gateways, eliminating the third-party hosting present with website gateways.
Additionally, the permissionless and open-source nature of the BOS also allows for extended user control over their experience, allowing for UI rollback or community-driven customization; for instance, if a DAO were to curate a unique dashboard with the components of their choice on a gateway that they host. This is yet another way in which the BOS fosters decentralization, especially in the case of ecosystem pages or governance forums, which thus can be meaningfully handed off from the respective foundations and to the community.
User Experience
The current user experience for interaction with blockchains is not intuitive at all for any non “blockchain-native” user. The realization of the transformative potential of blockchains is critically dependent on simplifying the user experience, while maintaining security standards. Ethereum has been spending significant time trying to address the user-experience issues, with the release of ERC-4337 as an example.
The BOS can build simpler and more elegant user experiences thanks to the composable nature of its components. Composable frontends mean that components can be embedded in other applications, enabling a more integrated, seamless, one-stop user experience; in the same way that widgets do for traditional websites. For example, let’s say one of NEAR’s most popular dApps, Sweat Economy, was to operate its wallet as a BOS gateway. Sweat could then embed a swap widget powered by Ref Finance, an orderbook widget powered by Orderly, a multichain bridge widget, all within the Sweat wallet UI. Essentially, Sweat Wallet would act as a single user layer for different dApps across the NEAR ecosystem, or, even across external ecosystems, for their users.
When it comes to onboarding, the BOS has the added advantage of tooling such as FastAuth. The current mode of Web3 onboarding mandates users to create wallets, seed their wallets with the native token of the network (for which users need to initially purchase the token from a CEX), separately store and not lose a seed phrase for recovery, and so on. FastAuth allows a Web2-like journey where users can create a free account using biometrics, phone prompts, or an email address to access any BOS app. This allows users to quickly interact with an app and significantly reduces the friction associated with onboarding.
On near.org, you can easily create a new NEAR account using your email address, thanks to FastAuth.
FastAuth also addresses the burden of securely keeping seed phrases on the individual with no other option for recovery. In the future, with decentralized social recovery, users will have the option to designate trusted wallets or multi-sig contracts as their guardians during wallet set-up to help recover their accounts if they lose access. The fact that the BOS has this capability in production gives it an advantage over solutions that require separate integration.
FastAuth: [Explainer], Source for flow above
Developer Experience
Developer experience-wise, the BOS’ permissionless nature and the reusability of its components foster rapid iteration and modularity, reducing development effort and enhancing scalability in product development. The BOS’ strength especially shines when it comes to expanding the product offering at scale and pace, compared to native integrations on the protocol level.
For instance, wallets or portfolio projects often require weeks to months of development time for native chain integrations, along with dedicated resources for upkeep, and yet suffer from service disruptions when a chain undergoes upgrades or outages — which affects their users, though the problem does not stem from them. In comparison, if a wallet or portfolio project were to operate as a BOS gateway and approached chain integrations on the frontend level, the development time would be significantly reduced as they would not need to touch anything on the backend, and could reuse existing components or build upon them.
What Needs to Be Done for Full Realization of the Goals
Although significant developments have been made to the BOS since its release in February 2023, further improvements could be made to elevate the implementation to its desired end-state.
Library & Component Support
While the BOS currently has support for commonly used libraries such as ether.js, additional support for arbitrary libraries would help scale the rate of development occurring on the BOS. Furthermore, the continued expansion of components made available to builders will additionally scale the rate of development, as developers can leverage the verifiability and modularity of components to drastically reduce development timelines as components will no longer have to be made in-house.
Developer Experience More Broadly
Everything we have discussed thus far is also playing a role in improving the developer experience. Some progress has been made in this regard with BOS-specific integrated developer environments (IDEs), such as this VS code extension or an in-browser one by Jutsu.
While additional library and component support reduces developer lift, it also lays the groundwork for a no-code developer experience to be curated on BOS. With the use of base-level components, the BOS is positioned such that it could offer a uniquely effective no-code experience, again being able to verify BOS components allows for abstracting away many complexities from the developer experience without compromising on security.
Security
Security should always be top of mind and some additional tools can be implemented to improve the experience on the BOS.
Fuzzing is one such example, Fuzzing, also known as fuzz testing, is a software testing technique used to uncover security vulnerabilities in software applications. The method involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions, such as crashes, failing built-in code assertions, or potential memory leaks. A fuzzing tool for periodic testing would allow the extension of verifiability of components, to include security testing with all potential inputs, ensuring that developers can feel maximum peace of mind that not only can the user verify which contracts they are interacting with, but they can also be sure that frontend code logic will not allow them to take any unintended actions.
Smart Contract Composability with Frontend Components
Right now, BOS components can only be deployed manually, meaning that a developer has to implement any changes individually. Future upgrades to the BOS could introduce smart contract composability, meaning that BOS components can change as a result of state changes on a smart contract.
For example, let’s say Aave Labs were to deploy the Aave frontend on the BOS, and there were multiple different frontend designs available for an Aave rebrand (hypothetically), the Aave DAO could vote on which direction they want their branding to go and the BOS could update the frontend as a result of the actual on-chain vote. This reduces the avenues by which power in DAO structures can be centralized as no one party is responsible for the implementation of frontend changes.
Chain Abstraction
Just this November, NEAR made a series of announcements at NEARcon hinting at its new direction which is more Ethereum-aligned than ever. At a higher level, it’s not simply about being closer to Ethereum, but NEAR becoming a means to enable chain abstraction for an increasingly fragmented multichain world.
As a monolithic L1, NEAR is simultaneously becoming a modular tech stack to scale Ethereum. On the execution layer, NEAR is a flexible environment offering NEAR native runtime in Rust and WASM, NEAR EVM (Aurora) in Solidity, and now collaborating with Polygon to build a zkWASM L2 prover as a component for Polygon CDK. On the data availability layer, NEAR DA offers data availability to L2s that is reliable and significantly cheaper than some competitors. On the settlement layer, NEAR is collaborating with EigenLayer to provide 3-second finality to EVM rollups. On the user layer, the BOS abstracts away the hassle of Web3 onboarding and fragmented user experience.
The ultimate vision is one of chain abstraction, a world in which the user doesn’t have to think about the chain that they are on: a unified UI for any dApp on any chain; a single account that controls every account on any chain; in-app cross-rollup transactions and bridgeless cross-chain swaps in mere seconds. NEAR will be able to support all of these things soon, with the BOS being just one piece of this puzzle.
Proximity Labs talks further about chain abstraction and the NEAR modular thesis in their helpful X thread here.
In our eyes tooling in general is also just one piece of the puzzle. As a broader ecosystem, blockchain projects need to curate a UX that is easy to navigate. In this article, we aimed to draw attention to some of the initiatives that NEAR has in place to aid the developer community in the realization of these goals.
Further Resources
Get to Know the BOS: FastAuth for Easy, Web2 Style Onboarding and Account Recovery
Tauri app for BOS Gateways (Run BOS gateways locally)
Polygon zkEVM Interactive App Dashboard on the BOS
Mantle Ecosystem Gateway on the BOS
Coin98 Decentralized Dapp Store, Powered by BOS
Dap Dap hosts the frontend for Uniswap v3 on Linea
“Announcing Multichain Accounts (a.k.a Account Aggregation) on NEAR,” David Millar-Durrant (Pagoda)
“Monolithic and Modular,” Kendall Cole (Proximity Labs)
Chain Abstraction is NEAR: The Monolithic and Modular Thesis
***
About CMT
CMT Digital is a leading global blockchain and web3 venture capital firm focused on early-stage investments that accelerate the adoption of blockchain technology. Incepted in 2015, we were one of the earliest investment firms to allocate capital into the digital asset ecosystem. By 2018 we made our first venture investment and have invested in over 150 companies and protocols to date as we continue to push the blockchain ecosystem forward. We are investors in notable companies that are expanding the frontiers of web3, including Circle, Coinbase, ConsenSys, Crusoe Energy Systems, Dapper Labs, dYdX, FalconX, Horizon Blockchain Games, Lightning Labs, Pyth, Strike, Zero Hash among many others.
CMT Digital is also a division of CMT Group, which has been in operation for more than 25 years. Since inception, CMT Group has evolved into a diversified asset manager, with a portfolio that spans public and private equity, debt, real estate, technology, and digital assets. CMT relies on its seasoned team of professionals with significant trading, technology, investment, and legal experience to drive adoption of the digital asset ecosystem.
Website · Twitter · Get in Touch
****
About Proximity
Proximity is a research and development firm supporting the NEAR DeFi ecosystem through investments, developer support, open-source software, and advisory services. The Proximity team consists of former members of the NEAR Foundation, Binance, Consensys, Facebook, and more. It has advised numerous DeFi projects contributing to both NEAR and Aurora’s recent success.
Website · Twitter · Get in Touch
Disclosures
CMT Digital and Proximity Labs hold $NEAR and other tokens or investments that may be associated with protocols or projects mentioned in this article. The authors of this article have not purchased or sold any token for which the authors had material non-public information while researching or drafting this report. The statements and content in this article should not be misconstrued as a recommendation to purchase or sell any token, or to use any protocol. This article also contains forward-looking statements about third-party projects that the authors have no control over and, as such, actual future developments may be substantially different from the expectations described in the forward-looking statements for a number of reasons, including those that are not under the control of the authors. The content of this article reflects the opinions of its authors and is presented for informational purposes only. This is not and should not be construed to be investment advice.
