At Sapphire, we believe the time for the Web3 developer has arrived. Don’t believe us? Take a look at these figures: More than 34,000 new developers committed to open source Web3 projects in 2021, which represented 65% of active developers in Web3 during the same year. And while the Bitcoin and Ethereum ecosystems maintain the largest share of Web3 developers, in 2021 developer growth in projects outside of these two ecosystems (e.g., Solana, BSC, NEAR, Avalanche) outpaced that of the two incumbents.
Given the rise of the Web3 developer, coupled with our passion for and experience in investing in DevOps companies, we decided to spend the last several months analyzing Web3 developer tools, enablement, and the future of the ecosystem.
But before we dive in, let’s take a look at the advent of the Web3 development ecosystem in the broader context of the evolution of the internet.
- Web 1.0, the first iteration of the world wide web, featured largely static and “read-only” pages from a server’s file system.
- Web 2.0 began the shift to a “read-write” internet, marked by the advent of social media platforms, which collect information on users to help provide more curated experiences based on their interests. Here, individuals can transact information and value, but this needs data transfer to be facilitated via a 3rd party. Without a doubt these third-parties (e.g., Google, Meta), have enabled global interconnectedness at multi-billion user scale, but not without allegations of data and privacy abuse.
- We’ve now entered Web 3.0 or “Web3”, which represents a paradigm shift where distributed users and machines are able to interact with data, value and other counterparties via a substrate of peer-to-peer networks–without need for third-party intermediaries. Web3 also creates the opportunity for individual users to manage and monetize their own data, free from centralized control.
The Web3 Flywheel
In some ways, Web3 parallels Web2 open-source software (OSS), as Web3 public protocols are often led by non-profit foundations that rely on contributions from developer communities. A key distinction (that Sapphire has previously written about) is that Web2 OSS contends with a tragedy-of-the-commons issue, in that most developers who use OSS never contribute back meaningfully to the projects they derive so much benefit from. Furthermore, the developers who do contribute to OSS projects generally do not benefit from their contributions (e.g., economically) beyond peer recognition unless they join a company commercializing the OSS project.
Web3 aims to remedy this phenomenon through the usage of token incentive structures. Once a blockchain protocol is established, tokens help to build the supply side of the network as an incentive for miners or validators. Miners or validators contribute the necessary computational resources that help establish the security and functionality for the relevant protocol. This creates the necessary infrastructure on top of which developers can build high utility applications that attract end users. And as community engagement strengthens, this will lead to increased token demand, reinforcing the Web3 flywheel. Furthermore, we also see several Web3 projects utilizing developer token grants to help ‘jump start’ the cycle.
Source: The Nifty Crypto Nomad
Incentivization methods notwithstanding, there are three key challenges in making the Web3 development flywheel spin:
- First and foremost, building smart contracts is a complex process that may require Web3 developers to learn new programming languages (e.g., Solidity, Rust).
- Second, developers must find ways to minimize the costs associated with smart contract function calls and storage or indexing while building highly performant applications.
- Once these challenges are solved, Web3 projects run the risk of being left with a functional smart contract that is limited to a single blockchain (e.g., an Ethereum smart contract cannot easily call a smart contract from Solana, and vice-versa), which may limit their user base.
In thinking about how to address these challenges, we at Sapphire take a first-principles approach, leveraging our experience having invested in software infrastructure companies in areas including CI/CD (CircleCI), API integration (MuleSoft, Apigee, Kong), artifact management (JFrog), cloud optimization (CloudHealth, Zesty), end-to-end testing (Cypress), and Observability (Sumo Logic, Moveworks, Catchpoint, OpsRamp, LogLogic). As we explore and look to invest in parallels and novel adjacencies in the Web3 ecosystem, we always return to the following fundamental questions based on our Web2 learnings:
- What major needs have yet to be met by existing tooling?
- Where does value accrue in the Web3 developer stack, and how will (or won’t) it accrue differently than in Web2?
- And finally, what will onboard 1 million developers into Web3?
We find this last question to be of particular importance – building highly performant decentralized applications that are interoperable across protocols represents a daunting challenge for Web2-native developers.
The Web3 Developer Tools Landscape
The Web3 dev tools ecosystem has been foundational for building primitive applications and supporting infrastructure. Nonetheless, we believe that in time, we will look back on the current landscape as having been only the early innings of blockchain tooling:
As we look at the evolution of the Web3 developer stack and draw-in our learnings from Web2, there are several key trends worth noting:
1. Expanding role of node infrastructure providers
Our investment in Blockdaemon has given us a front-row seat into the mission-critical function, as well as extensibility, of node infrastructure providers. We see companies within this category trending towards horizontal and vertical expansion.
Horizontal expansion takes the form of supporting additional protocols, while vertical expansion manifests in offering synergistic products such as staking, liquid staking, data and analytics APIs for building, maintaining, and monitoring decentralized apps, fiat <> crypto ramp, key management, and other value-additive tooling. These types of expansion initiatives are important, in the long-run, we believe node operations will have to decrease in complexity in a fundamental arc towards easier web3 onboarding, access, and usability.
2. Relevance for Web2 and Web3 languages
While Solidity (EVM) is a popular Web3-native language for smart contract development, Web2-native languages remain essential for blockchain developers. Rust exemplifies this reality – created in 2010 before the advent of crypto – it now serves as a foundational language for smart contracts built on protocols including Solana, Polkadot and NEAR.
3. Changing allegiance to development frameworks
Web3 development frameworks serve the important purpose of enabling activities such as managing code artifacts and test automation (an area we at Sapphire are familiar with from our investment in Cypress, the company behind the open-source Cypress framework for end-to-end web application testing).
Beginning in 2017, Truffle rose to prominence as the most popular smart contract development framework. However, since Truffle was acquired by ConsenSys in 2020, Hardhat has emerged as the development framework of choice for the EVM ecosystem due to superior testing speed and community responsiveness to support requests.
Source: NPM data for Hardhat and Truffle, respectively, as of August 31, 2022 via NPM-Stat
4. Intersectional relevance of community
With decentralization as a guiding principle of Web3, the crypto community has assumed an essential role in driving ecosystem growth. The impact has been palpable, and a driving reason behind how blockchain technology has grown from fringe subculture to visibility on a global magnitude.
Two areas in particular where we believe the influence of community is exciting include its intersections with security and education.
Community x Security: An unfortunate consequence of the speed at which blockchain-based applications are being built is that requisite security solutions have not been able to scale in lockstep. This dynamic has regrettably led to a number of high-profile DeFi security incidents, which in many cases have resulted in significant losses of funds.
It is becoming clear that community-built protocols will require community-built security solutions in order to keep up with a rapidly-expanding surface area vulnerable to security threats. With HackerOne as a Web2 analogy, companies like Immunefi (smart contract bug bounties) and protocols like Forta (decentralized runtime security) are addressing this major pain point with a strong community-driven approach.
Community x Education: The dearth of blockchain developers is well-documented, and unlocking additional developer adoption will be critical for the continued growth of the crypto ecosystem. Companies like Buildspace are working to address this shortage by curating a community of blockchain developers to BUIDL and collaborate. Akin to YCombinator, Buildspace facilitates cohesion among cohorts to drive collaboration and onboard new developers. Additionally, Moralis Academy offers a range of blockchain certification courses covering smart contract development, dApp programming, and various Web3 use cases (e.g., DeFi, Oracles).
For Web3 users seeking a less building-oriented experience with the goal of learning and interacting with new dApps, Rabbithole offers a “learn-to-earn” mechanism that allows users to earn tokens for completing specific onboarding actions for participating Web3 projects.
Onboarding the next one million Web3 developers
Based on our research and discussions with numerous companies and practitioners, we believe that the Web3 developer community is in its incipient stages. Despite its growth, the point at which the pool of Web3 talent will represent even a somewhat sizable fraction of Web2 talent is still far off.
Though it may seem counterintuitive, we have a thesis that the scarcity of talent further exemplifies the need for high-quality developer tooling at multiple layers of the stack. Particularly as the past few years have focused on building the core blockchain primitives and protocols, there will be a pressing need over coming years for second-order tooling to propagate more robust Web3 developer communities.
Specifically, we see the following three areas as key enablers for helping bridge the talent gap:
Smart Contract Tooling: Onboarding more developers into Web3 will require both frameworks that help abstract away the complexity for building cross-chain applications, as well as tooling that helps to develop, manage and scale smart contract operations.
- Cross-Chain Abstraction Tooling: The increasing demand for protocol interoperability and prevalence of bridges are testaments to the need for cross-chain blockchain compatibility. In this vein, we expect that abstraction frameworks that enable blockchain developers to code once and push to multiple chains will be core enablers for onboarding more Web2 developers into building Web3. As previously highlighted, Tatum enables developers to build cross-chain applications with abstracted API calls as opposed to direct node RPC calls. Moralis provides a managed back-end infrastructure for building high performing dApps, enabling developers to build front-end features that are cross-chain by default.
- Smart Contract Developer Platforms: While we anticipate abstraction frameworks to become increasingly popular, there will still be a formative role for tooling enabling developers to monitor the health of dApps and smart contracts. For instance, Tenderly provides development workflow tools that enable Web3 developers to access real-time monitoring, alerting, debugging and simulation tools for smart contracts. Blocknative provides tooling for mempool data exploration, gas fee estimation, and transaction simulation to help developers access insights from pre-chain data before deploying smart contracts or executing on-chain actions.
- Proliferation of Smart Contract Standards: Similar to how OSS frameworks have facilitated the growth of modern cloud applications in Web2, widespread adoption of open contract standards will be core to enabling frictionless development of Web3 apps. As deploying smart contracts with code vulnerabilities risks asset exposure and loss in a programmable, money-based internet, the imperative for more battle tested smart contract standards becomes table-stakes. OpenZeppelin provides a library of battle tested smart contracts, highlighting the most used implementations of ERC standards with which Web3 developers can hit the ground running for coding in Solidity. However, while OpenZeppelin Contracts has become a de facto standard in the Ethereum ecosystem, it begs the question – what will become the equivalent smart contract standard for non-EVM compatible protocols?
Web3 Security: If 2020 was marked by “DeFi Summer” and 2021 witnessed the “Explosion of NFTs,” then we think 2022 will be remembered as the year that best informed the need for “Web3 Security”. According to CertiK’s DeFi Security Report for 2021, the financial losses from hacks of DeFi projects more than doubled to $1.3B from the prior year. As projects such as cross-chain bridges have proven to be fairly susceptible to exploitation (informed by how much value is governed by their smart contracts), there is an imperative for better tooling that integrates security throughout the Web3 development lifecycle to help attract builders to the ecosystem.
- DevSecOps Tooling: As we have seen the Web2 security narrative first hand, we expect that more robust development, code review and monitoring and testing tools will be required to support the growth of the Web3 ecosystem. A more robust CI/CD pipeline for Web3 will include, but is not be limited to, the following:
- Secure Development Standards: As previously highlighted, standards for vetted and battle tested smart contracts across common token standards (e.g., ERC-20, ERC-721) allow for re-usage and thereby enable quicker development lifecycles. In addition to OpenZeppelin Contracts, Sourcify provides a decentralized metadata and source code repository, simplifying the process for publishing, as well as verifying source code. Kurtosis helps developers configure and orchestrate their testnet environments to perform end-to-end testing, and enables teams to deploy in CI environments using tools with which they are already familiar, such as CircleCI (a Sapphire portfolio company) or TravisCI. Consequently, developers are able to catch potential errors early in the development lifecycle as they model out unique and/or complex system configurations.
- Smart Contract Auditing: It is table-stakes for Web3 projects to undergo a formal code review from smart contract auditing firms (e.g., Quantstamp, Trail of Bits, OpenZeppelin, CertiK). The data agrees; most of the value that has been lost in crypto hacks and exploits has been associated with unaudited projects. Auditors use a combination of static and dynamic code review tools to test smart contract functionality and identify potential vulnerabilities in their clients’ code. As some firms can have 6+ month backlogs to perform audits, we anticipate that more automated code review tools will become important over time. Additionally, because auditors are uniquely positioned to assess protocol risk, it enables them to offer additional value-added services such as smart contract insurance, which will be critical to onramping more CeFi institutions and users into DeFi.
- Run Time Intelligence: The advent of monitoring tools that supervise governance functions, address interactions, etc. and issue alerts when certain thresholds are exceeded. Sentinels from OpenZeppelin Defender (centralized) and Forta (decentralized) are enabling monitoring and real-time alerting on cyber, financial, governance and operational threats to smart contracts. Beyond run time intelligence, OpenZeppelin Defender covers secure operations at multiple changes of smart contract development lifecycle.
- Penetration Testing: Similar to HackerOne for Web2, there will be a role to play for contracted developers to decentrally assess potential vulnerabilities to Web3 projects. As highlighted earlier, Immunefi structures bug bounty programs with ethical hackers that help to identify smart contract risks.
- Testing, Monitoring, & Evaluating Protocol Risk: Platforms such as Gauntlet and Chaos Labs are helping protocols optimize parameters to mitigate particular risk vectors. Their offerings can inform protocols on how best to lock in additional borrowing power while not exposing users to undue risk, or how to identify potential vulnerabilities to protocol updates before pushing to mainnet. The continued integration of these agent-based simulation and testing tools will help create more secure and resilient Web3 protocols. Furthermore, it is not inconceivable that similar risk tooling could be re-packaged for investors, stakers and DeFi community members to help incorporate risk assessments into investment decisioning and/or DAO governance proposal voting.
Simplified Developer Onboarding: As the Web3 stack becomes more mature, it will be important that new layers do not introduce additional friction points for developers. This includes documentation that is easy-to-use as well as token structures that do not impede developer adoption.
Already, there are signs of growing complexity as Web3 developers may be required to hold multiple token types for utilizing various decentralized storage, indexing, oracle, etc. services. This extra burden may stymie Web3 development and/or encourage developers to revert back to Web2 design principles for building applications.
This is why solutions such as Filebase are interesting–the company provides a S3-compatible API to connect to leading decentralized storage networks, mitigating the need for developer teams to buy or burn tokens. We also anticipate that protocols may band together over time to develop shared validator networks, which abstract away the complexity for developers to navigate multivarious token structures across protocols. One example could be a shared validator network that enables developers to access multiple indexing protocols through a single token type, while the validator network handles the token conversions behind-the-scenes for the various protocols.
We believe Web3 is in its early days but will soon redefine how financial products are delivered, how users engage with dynamic media content and ultimately, how software applications are built.
We’ve been fortunate to partner with a number of companies we believe will be of consequence in Web3, as well as many category-defining Web2 dev tools companies. To check out all of Sapphire’s investments, visit:https://sapphireventures.com/companies/
If you’re building a dev tools company for Web3 or one that adopts Web3 development principles, we’d love to hear from you: [email protected], [email protected], [email protected]
Special thanks to our contacts at GitPOAP, Kurtosis, Moralis, OpenZeppelin, Quantstamp, and others for their helpful input!
Nothing presented within this article is intended to constitute investment advice, and under no circumstances should any information provided herein be used or considered as an offer to sell or a solicitation of an offer to buy an interest in any investment fund managed by Sapphire Ventures (“Sapphire”). Information provided reflects Sapphires’ views as of a time, whereby such views are subject to change at any point and Sapphire shall not be obligated to provide notice of any change.
Various statements within this article reflect the beliefs of Sapphire, which are for informational purposes only and are in no way intended to constitute investment advice Such observations are based on various observations and assumptions, which are subject to change at any point and do not in any way represent official statements by Sapphire. No assurance can be given that all material assumptions have been considered in connection with the beliefs, therefore actual results may vary from those which may be estimated therein. Companies mentioned in this article are a representative sample of portfolio companies in which Sapphire has invested in which the author believes such companies fit the objective criteria stated in commentary, which do not reflect all investments made by Sapphire. A complete alphabetical list of Sapphire’s investments made by its direct growth and sports investing strategies is available here. No assumptions should be made that investments listed above were or will be profitable. Due to various risks and uncertainties, actual events, results or the actual experience may differ materially from those reflected or contemplated in these statements. Nothing contained in this article may be relied upon as a guarantee or assurance as to the future success of any particular company. Past performance is not indicative of future results.