Skip to main content

Decentralized Web

The code is law rule is a cornerstone of DeFi. It states among other things that once successfully audited, a program can remain trusted. This implies that the program of a successfully audited smart contract may never be unexpectedly changed by an outsider. Popular ETH smart contracts essentially follow that rule.

However, most DeFi web3 apps such as are typically used through an otherwise normal website that talks to a browser plugin (typically Metamask) allowing the webpage to interact with the user's wallet and the blockchain. The website that serves as an entry point to the dApp is neither decentralized nor immutable-once-audited. This breaks the very foundation of blockchain security.

This attack vector has been well identified by exploiters and, as smart contracts become more robust, exploiters are increasingly targeting front ends. For instance, in 2022, one of the major DeFi protocols, Curve Finance, fell victim to DNS hijacking, with hackers managing to steal as much as $575k from users. As long as decentralized applications rely on Web 2.0 infrastructure, these attacks are bound to happen regularly.

Massa Station

The goal of Massa's decentralized web is to allow users to store websites without using any centralized party in between your client and the blockchain. Since the front-end is hosted on the blockchain, anyone can access it using a Massa node.

To this end Massa has developed a client that acts as a gateway to the blockchain preventing you from using any centralized servers effectively maximizing your security with immutable and censorship-resistant websites. That way, Massa allows deploying fully decentralized code-is-law apps, as it was meant to be!

Start your decentralized web3 journey now, and install Massa Station. Massa Station allows you to navigate Massa web3 content and to store your own website.


Note that you would typically not host all assets, images and other non-essential data on-chain, but only the critical functioning parts that need auditing and the subsequent security guarantees. The rest can typically be hosted on IPFS or some other decentralized storage solution.