Managing dApp wallets on Koinos
Managing your crypto wallet is a lot of personal responsibility. You need to be careful not to connect your wallet to untrustworthy dApps. In fact, it's best if you spread your holdings across multiple wallets to prevent losing everything in one mistake. Despite all of this, it's actually not that hard to manage your own crypto.
Depending on your blockchain, managing wallets can get more complicated for dApps.
On Ethereum, smart contracts are deployed to their own address. You don't manage the private key for that address because you can't upgrade contracts or do anything else with contract addresses after uploading your code. There's nothing to manage. Just remember the public address of the contract.
You can choose to complicate the situation by implementing code that allows for upgrades, transfers, etc. (common for multisig wallets, diamonds, etc.) But you still don't manage private keys for the contracts themselves.
On Koinos, there's no distinction between contract addresses and externally owned addresses. You can upload a smart contract to the same wallet where you keep your tokens. This design choice is very powerful because it gives complete control to the developer. However, it introduces complexity for managing wallets and for dApp user due diligence.
dApp wallet management
If you're building a sufficiently complex dApp, you're probably going to upload multiple smart contracts. This means you need to manage different private keys for each contract. Importantly, this is just the default behavior. It may be appropriate to disable contract upgrades and other actions for some of these wallets. In time, we'll have better tooling for dApp wallet management, but the job is a bit tedious during development for now.
dApp user due diligence
Because the developer holds the private keys for contract addresses, dApp users need to consider what governance system is in place before depositing tokens in a contract. At minimum, there needs to be a multisig on the account with token transfers disallowed. This will prevent a solo developer from withdrawing the contract balance. Also because contracts can be upgraded, you have to consider the current version of the code vs what it could possibly change into with upgrades.
For top tier dApps on Koinos, everything should be managed by a DAO while keeping contract features and permissions as limited as possible.
This level of care is only necessary when your contract puts users' money at risk. If you're developing a game that never takes money out of user wallets, you may be able to get away with a simpler structure.
-Luke
P.S. Despite the additional effort for developers, I would rather have this level of freedom. There's lots of opportunity to develop best practices and efficiencies. Not to mention completely new ways of doing things unseen on other blockchains.