Blockchain-Based Decentralized Application: A Survey

Blockchain-based decentralized applications (DApp) draw more attention with the increasing development and wide application of blockchain technologies. A wealth of funds are invested into the crowd-funding of various types of DApp. As reported in August 2022, there are more than 5,000 DApps with more than 1.67 million daily Unique Active Wallets (users). However, the definition, architectures, and classifications of the DApps are still not cleared up till now. This survey aims to provide a comprehensive overview of DApps for further research. First, the definitions and typical architectures of DApps are presented. Then we collect 3,118 popular DApps and categorize them into different types, and summarize their typical advantages and challenges. Finally, we provide an overview of the recent research problems of DApps from the perspectives of economics, security, and performance and then figure out promising research opportunities in the future.


I. INTRODUCTION
The idea of blockchain was first proposed as the underlying technology of Bitcoin [1]. A blockchain is usually maintained by peers in a P2P transaction network, where peers record transactions in a period of time and package them together into a block to join the blockchain. Blockchain technology is decentralized, tamper-resistant, and traceable [2]. On a blockchain, a smart contract [3] is an event-driven promise defined by the programming language. A smart contract on the blockchain can be invoked by sending a transaction to the blockchain peers, with the independent execution of every peer. Finally, the contract execution is finished, with the result returned to the blockchain. The protocol called consensus protocol keeps every peer having the same blockchain. Since such execution is independent of every peer, the result is controlled by all the participants and, therefore, can be trusted by everyone.
Decentralized applications were proposed much earlier than blockchain technology. Since blockchain-based decentralized applications (DApp) can enhance trustworthiness, decrease the cost of central trusted authority, and have wide applications (e.g., finance, IoT, data provenance, etc.), they have gained a lot of attention from both industry and academia in recent years [4]. In [5], decentralized applications are classified into two classes: fully anonymous decentralized applications and reputation-based decentralized applications. However, there is a substantial gray area between these two types. Therefore, the definition of blockchain-based decentralized applications is still undefined.
Although there are some surveys [4], [6], [7] about blockchain technologies, the definition, architectures, and categories of DApps are still unclear. Therefore a systematic overview of DApp is urgently needed for better understanding and further research work in different aspects.
This article considers the blockchain-based decentralized application to be the application using blockchain as its underlying technology to ensure decentralized characteristics. In this article, the architectures of blockchain-based decentralized applications are summarized into four types, which are Native Client as a DApp, Smart Contract as a DApp, Web & Contract as a DApp, and Fully-decentralized DApp, based on their different architectures.
r We conduct an overview of the research problems on DApps from the aspects of economics, security, and performance to provide research opportunities for researchers who are interested in this field. This survey provides a comprehensive overview of the research on blockchain-based decentralized applications. The rest of the survey is organized as follows. Section II gives an introduction to the basic concepts. Section III shows the definition and typical architectures of blockchain-based decentralized applications. Section IV categorizes the decentralized applications and compares them with traditional centralized applications. Section V propose the economic, security, performance problems, and corresponding solutions of DApps. Section VI concludes the article.

II. BASIC CONCEPTS
This section introduces the basic principles and concepts of blockchain, consensus protocol, and smart contracts.

A. BLOCKCHAIN
In a narrow sense, blockchain is a kind of data structure. The concept of the blockchain was first proposed as the underlying storage for peer-to-peer payments in Bitcoin [10]. In a blockchain, every block contains transactions for a period of time. Then every block is joined to a chain-like data structure named blockchain. Each peer in the peer-to-peer network maintains a blockchain by itself. And the peer keeps it the same with each other via consensus protocols. Since each block has a hash value of itself and the hash value is contained in the next block, the content (e.g., timestamps, transactions) is tamper-resistant and traceable. It should be noted that the blockchain can be described as a comprehensive technology that includes the underlying data structure, consensus protocols [10], and upper applications [11] in a broad sense [6]. But in this article, blockchain is considered as a kind of data structure. And the blockchain-based decentralized application is the application that uses this underlying data structure.

B. CONSENSUS PROTOCOL
The consensus protocol [10] is a protocol that is implemented in every node of a blockchain system to keep them having the same ledger. Consensus algorithms have been developed in traditional distributed systems for years. But in blockchain systems, especially public blockchain, the peers have more motivation for dishonesty, so there are more problems, such as the double-spending problem. Thus the blockchain systems need different consensus protocols to balance the technical and economic motivations. Different DApps (or their underlying blockchains) use different consensus protocols. In this case, some of the problems with DApps in economics, security, and performance result from the consensus protocols, which will be shown in Section V.

C. SMART CONTRACT
The smart contract is a promise defined by digital form [13]. A blockchain-based smart contract is an event-driven promise defined by the programming language. A smart contract can be invoked by sending a transaction (including the address of the contract, the calling function, and the parameters) to the validating peers. After that, the smart contract will be executed independently by each peer [12]. Finally, different peers reach a consensus and save the result back to the blockchain. Under some scenarios, a smart contract on blockchain could be considered a decentralized application. Yet it is still controversial. The different definitions and architectures of blockchain-based decentralized applications will be described in Section III.

D. GROWTH
In the early stages of DApp development, most DApps are constructed on Ethereum [13]. However, with the development of DApps, the performance of Ethereum cannot afford the rapid growth of users. Therefore, there are more and more platforms (blockchains) developed and used by users. Nowadays, the other popular smart contract platforms are: BinanceSmartChain [14], EOSIO [15], TRON [16], Fantom [17], Polygon [18], Solana [19], Avalanche [20], and so on. There is no simple and intuitive evidence to compare the whole DApp ecology of each platform. However, we will introduce the metric of Total Value Locked (TVL) in Decentralized Finance (DeFi) to compare the financial DApps on these blockchains.

III. DEFINITION AND ARCHITECTURE
A decentralized application is an application that does not be controlled by a centralized organization. The motivation for decentralized applications is that traditional centralized application/structure is very vulnerable to attacks and breed corruption. The concept of the decentralized application was proposed much earlier than blockchain. For example, BitTorrent [21] is a decentralized application, and so does much peer-to-peer software. For rigorous and convenient representation, the "DApp" or "decentralized application" mentioned below all refer to blockchain-based decentralized applications.
Different architectures of DApps are proposed in the following subsection.

A. NATIVE CLIENT AS A DAPP
Bitcoin can be considered as one of the blockchain-based decentralized applications in payment. Every user runs a client on a peer and then joins the peer-to-peer network. Because the ledger of payment is decentralized, people can use their own client (e.g., Bitcoin Wallet) to transfer Bitcoin to other people. Because the user only uses the client to interact with the network, the client is a DApp. In this survey, this architecture is called Native Client as a DApp. Fig. 1(a) shows the architecture of Native Client as a DApp. It is used by most of the early Bitcoin-like cryptocurrencies, such as Litecoin [22], PPcoin [23], and so on. The shortcoming of this architecture is that the blockchain is customized for the application (e.g., payment).

B. SMART CONTRACT AS A DAPP
In the "Native Client as a DApp," modifying the blockchain for new applications is hard. And the developers of every new DApp need to develop a new blockchain and client, which reduces the efficiency. This can be solved by smart contracts.
Developers can use smart contracts on the blockchain (e.g., Ethereum) to record any information they want. Thus the DApp developers can choose to write a smart contract as a DApp for the users. Taking Ethereum as an example, if the developers want to develop a DApp for transferring tokens, they can write a token contract within 100 lines of code on Ethereum. Then the users can use a smart contract browser (e.g., Remix, Mist, etc.) to load a contract on the Ethereum network and call the functions written by the developers. In some cases, the client is also the contract browser. As shown in Fig. 1(b), this architecture is called Smart Contract as a DApp.
However, the bottleneck of this architecture is that it requires the users to have some basic knowledge of programming. Meanwhile, the contract browsers of many platforms are not so easy for users because few of them have graphic user interfaces.

C. WEB & CONTRACT AS A DAPP
To improve the bottlenecks of Contract as a DApp and make it easier for users to use DApp, most DApp developers create a web front end for the smart contracts. As shown in Fig. 1(c), the front end is provided as web pages, including the graphic user interface written in code of html/css/js. And the web browsers run the JavaScript (or install Metamask [24]) to connect to the blockchain peers. There are also some light clients (e.g., imToken [25]) that set web browsers and wallets together so that it will be easier for users to use DApps. Note that the Web client in this architecture is different from the Native client before. The peers can be remote or local. Finally, the browsers can get the important information (e.g., balance, token) from the blockchain and then present it to the front end.
This Web & Contract as a DApp is widely used by most DApps. The main idea is to store the GUI (Graphic User Interface) on the website and the important information (e.g., balance) on the blockchain. This seems to be more familiar to users. However, it causes another centralized problem: Although a few DApps (e.g., Compound [26], Uniswap [27],

D. FULLY-DECENTRALIZED DAPP
Taylor Gerring proposes an architecture [29], which can obliterate the notion of separating content from presentation by removing the need to have servers at all. It consists of three modules: Ethereum for decentralized logic, Swarm [30] for decentralized storage, and Whisper [31] for decentralized messaging. In this survey, this architecture is called Fully-decentralized DApp. If this concept could be totally implemented, then the developers and users will use the Fullydecentralized DApp. The major difference between Fullydecentralized DApp and Web & Contract as a DApp lies in the storage of the front-end. The storage of Fully-decentralized DApp does not depend on the centralized service but on the decentralized file systems, as shown in Fig. 1(d). Tor-nadoCash [32] is restricted by some countries for economic regulation, which will be described in Section V. There are few centralized services that provide storage for it. Hence, TornadoCash has to move its front-end files (html/css/js) into decentralized file systems (e.g., IPFS [33]) In summary, four architectures of DApp are listed in this survey. And Table 1 shows the DApps which are conducted by these architectures.

IV. TYPE OF APPLICATIONS
In this section, we will first collect and give an overview of 3,118 DApps from the StateOfTheDApps. Then we categorize the blockchain-based decentralized applications and summarize their typical advantages over centralized solutions.

A. OVERVIEW
There are many platforms of DApps, such as Ethereum, EOS, and so on. Different from traditional applications, there is no centralized app store like AppStore to distribute applications. However, there are still some guiding websites that record the information of the DApps. DApp markets have already grown. There are several DApp market websites, such as StateOfTheDApps [50], DAppReview [51], DApp.com [52], DAppRadar [53], and so on. 3,118 DApps from the StateOfTheDApps are collected and categorized in this survey. The statistics of DApp in different categories are shown in Fig. 2. Most of the DApps published on StateOfTheDApps are games. And the second is exchanges for cryptocurrency. The following are finance, community, gambling, media, property, governance, storage, energy, health, and insurance. It should be noted that the DApps of Exchange have higher DAU (Daily Active Users) since the exchange of cryptocurrency is really active and hot in the market. Some categories of DApps will be described in detail.

B. FINANCE (DeFi)
Traditional financial services depend on a trusted party to take some risk and get the benefit (e.g., financial investment, insurance, etc.). But in some way, DApps can remove trusted third parties. So DApps have wide applications in finance. In this subsection, three typical fields of DApps in finance will be introduced. A general concept of this kind of DApps is Decentralized Finance (so-called DeFi).
Crowd-Funding: Traditional capital markets make it difficult for people to raise money or make investments. The settlement time can be longer than one month due to the financial review. But nowadays, many developers raise the crowd-funding on the smart contract. Then they can get a large number of cryptocurrencies in a very short period of time. It is called Initial Coin Offering (ICO) [9]. Since the ICO DApps record all the financial contributions, they can reward people's financial contributions to a project with actual shares of the project. Tapscott et al. [54] propose a review of ICO. The scale of crowd-funding on DApps is growing fast. However, many frauds appear in the meanwhile.
Token Exchange: In Ethereum and other platforms, after sending cryptocurrencies to a Crowd-Funding contract, the users would be rewarded with tokens, which are proof of their investment. ERC20 protocol on Ethereum enables the token holders to send the tokens to others. Hence many DApps for decentralized exchange (DEX) of tokens show up. IDEX [55] is a decentralized exchange for trading Ethereum tokens, combining the speed of centralization with the security of blockchain settlement. And ForkDelta [28] is also an exchange similar to IDEX. KyberNetwork [42] is an exchange service that enables instant conversion of tokens with guaranteed liquidity. 0x [56] is proposed as a permission-less protocol to trade ERC20 tokens on Ethereum. With the development of DEX, a new type of protocol called Automated Market Maker (AMM) is introduced to DApps. It allows digital assets to be traded without permission and automatically by using liquidity pools instead of a traditional market of buyers and sellers [57]. The typical DApps using AMM are Uniswap [27] and Curve [40].
Token Lending: Lending, or the so-called "loan," is one of the most used cases in the traditional financial market. In the blockchain, there are also such needs for borrowing/lending the tokens and paying with interest. Hence there are some DApps that focus on supporting token lending. Compound [26] is a DApp for supplying or borrowing assets. Accounts on the blockchain supply capital to receive or borrow assets from the protocol. Its smart contracts track these balances and algorithmically set interest rates for borrowers. Aave [41] is similar to Compound but provides more patterns of lending. MakerDAO [39] is designed to lend stable tokens (bound to US dollars) for users and has become one of the most popular DeFi DApps [58].
Insurance: Mainelli et al. [59] explore the potential for blockchain technology to transform personal insurance. The decentralized applications in the insurance industry can improve efficiency, save costs, and reduce the processing overheads in claims handling [60]. And the lower premiums are paid by the consumers.
As mentioned in Section II, the metric of Total Value Locked (TVL) can be used to evaluate the popularity of the DeFi DApps on different blockchains. We collect the TVL data from DefiLlama [58] in US Dollars and then show the statistics in Fig. 3. As shown in this Fig. 3, Ethereum is now one of the most popular blockchains for DeFi DApps. And it takes up more than 50% of TVL in all Top 10 blockchains. The other blockchains (BinanceSmartChain [14], TRON [16], Fantom [17], Polygon [18], Solana [19], Avalanche [20], etc.) also attracts some DeFi users to lock their cryptocurrencies in their DeFi DApps.
The financial DApps can truly improve efficiency, reduce time costs and make automatic execution. And the challenges are listed as follows: (1) Tax evasion: Traditional financial transactions is easy to audit. But the financial DApps are difficult to audit since the users could be anonymous. One user can be divided into many accounts to reduce the tax. Thus the tax could be evaded by the DApps users. (2) Difficult operation: Taking the insurance DApps as an example, it is not easy to report an accident on the blockchain. It needs a lot of complex and difficult operations to confirm the accident.

C. GAME (GameFi)
The game built on blockchain is one of the hottest fields of DApps. As shown in Fig. 2, the game is also the most type of DApps. Moreover, in recent months, GameFi has been a hot topic in DApps. It combines Game and DeFi, and users can sell or buy the game things through DeFi protocols.
Axie Infinity [49] is the most popular GameFi DApps currently. Players can get profits by playing the game and selling the tokens on the decentralized markets. However, it also costs money to start the game. Note that the GUI of Axie is not all based on the Web. Partial GUIs of it are based on a single client on personal computers.
CryptoKitties [46] is a famous game built on the Ethereum blockchain. CryptoKitties are digital, collectible cats built on the Ethereum blockchain. They can be bought and sold using Ether and bred to create new cats with exciting traits and varying levels of cuteness. The key mechanics are tied to actions associated with cryptocurrencies and smart contracts. In summary, Cryptokitties are proof that you can create something on Ethereum, and users can buy, sell, and trade CryptoKitties. The reason for the use of blockchain is that it ensures that each cat is truly unique and persistent.
The main idea of the games is to use blockchain as a data structure to store gameplay and executable elements of the game program. But it also causes some problems: (1) Throughput: The throughput of a public blockchain is limited now. And it is reported that Crypto-Kitties have disrupted the Ethereum Network to be too crowded in a few days. Ref. [61] (2) Non-open-source (centralized control): Some DApp codes are fully controlled and updated only by the developers. (3) Transaction-Ordering Dependence: This is a kind of vulnerability that could affect the users to gain profit in the game.

D. DATA STORAGE AND PROVENANCE (NFT)
The public blockchain provides permanent storage for the data stored on it, and it is also useful for provenance.
CryptoPunks [43] is a DApp that provides 10,000 uniquely generated characters stored on Ethereum. In this DApp, the characters can be purchased from someone via its marketplace, that's also embedded in the blockchain. The underlying protocol of such buying and selling is the Non-Fungible Token (NFT). In this way, the traces and provenances of the tokens (in the DApp) can be temper-resistant on the blockchain since all the key data is stored on the blockchain. The website of CryptoPunks shows that the current lowest price of a character is more than 300,000 US dollars.
Moreover, since CryptoPunks (and NFTs) are popular with DApp users, many DApps imitating it has been produced. OpenSea [44] provides another independent marketplace for NFTs, rare digital items, and crypto collectibles. Users can buy, sell, auction, and discover the NFTs from other DApps, such as the mentioned CryptoKitties, CryptoPunks, and so on.
Note that not all the DApps in this subsection are NFTs. NFT DApps is only a subset. There are also other DApps that leverage blockchain for data storage and provenance. EtherShare [62] is a DApp for users to share information with permanent storage and open access. EthereumNameService [47] takes a decentralized domain name as an NFT, and then resolves it to a specific address, in order to ease the usage of the address.
However, some challenges are listed as follows: (1) Waste of storage: The DApps usually store the data on each blockchain peer. It is necessary, but it also causes a waste of storage, especially some kinds of Big Data. (2) Identity authentication: A DApp user is represented as "address" on the blockchain. Thus it is difficult to link the address to the real-world identity in a decentralized situation. (3) Piracy problem: Some DApps only provide the solution to store the data so that the data is easy to be copied. The piracy problem is urgent for the DApps of data storage.

E. PRIVACY PROTECTION
DApps can be considered native anonymous because blockchain technology is natively anonymous. So in some way, DApp can protect the privacy of users. Zyskind et al. [63] propose a DApp as a decentralized personal data management system, ensuring users take full control of their private data. And Linn. et al. [64] also describe a blockchain-based accesscontrol manager in the health IT ecosystem, named Health Care Blockchain. Zyskind et al. [65] propose Engima, a decentralized computation platform to enable users to share their data with cryptographic guarantees regarding their privacy.
However, in some public blockchain systems, all the transactions are visible and exposed all over the world. Zerocash, proposed by Ben-Sasson et al. [66], is conducted with strong privacy guarantees from Bitcoin, with the advances in zero-knowledge Succinct Non-interactive Arguments of Knowledge. In another cryptocurrency called Monero, a confidential ring method is proposed by Noether et al. [67] to hide transaction amounts, which enhances the privacy of Monero. Another obfuscation improvement of Monero is proposed by Mackenzie et al. [68] to provide long-term resistance of the cryptocurrency against blockchain analysis.
As for this kind of DApps, there are also some disadvantages and challenges: (1) Violation of law: For example, Monero enables people to transfer money against the censorship of the government. In some cases, it is so-called "freedom" and "privacy". However, this will also help the criminals to receive money. It is hard to make a balance between law and privacy in DApps. (2) Computing resources consumption: The algorithms to generate the privacy-protected transaction always consume a lot of computing resources. For example, Zerocash takes the user a few minutes to generate a transaction. Thus a faster algorithm is needed.

F. SHARING
One key advantage of DApp is to enable peer-to-peer sharing without a trusted third party. Users can use DApps to share the things they want for free or for a fee. Xu et al. [69] propose Prc, a blockchain-based sharing economy platform to maintain desirable features that public blockchain offers to share economy applications without sacrificing user's privacy. Bogner et al. [70] demonstrate a DApp for sharing everyday objects based on the smart contract on Ethereum. Kang et al. [71] design a localized P2P electricity trading system with consortium blockchain to illustrate detailed operations of localized P2P electricity trading. Luu et al. [72] implement and deploy SMARTPOOL, a DApp for the decentralized mining pool, enabling the Ethereum miners to contribute their hash rate and share the rewards.
In the field of cloud computing, DApps can be used to share the computing resources of users. IExec [73] relies on Ethereum smart contracts and allows the building of a virtual cloud infrastructure that provides high-performance computing services on demand. Similar to IExec, Golem [74], and SONM [75] are also the DApps to share computing resources. The differences are: Golem assembles a network to attract regular 3D rendering users first, and SONM aims at fog and edge computing. In electric vehicles cloud and edge computing, Liu et al. [76] propose blockchain-inspired data coins and energy coins, in which data contribution frequency and energy contribution amount are applied to achieve the proof of work.
There are some problems with the sharing DApps. (1) Insufficient supervision: Decentralized sharing means that anyone can share in the P2P network. However, once controversy about sharing shows up, supervision is missing. A way of supervision or arbitration of sharing is needed. (2) Low throughput: Similar to the IoT DApps, the sharing DApps need high throughput to ensure the user experience. Thus this kind of DApps also suffers from the low throughput of blockchain.

G. GAMBLING AND PREDICTION MARKET
Although there are some differences between gambling and prediction market [89], this survey puts these two types together since the action of the DApp users is almost the same: Bet on a prediction with some money, then get the rewards if it is true. Traditional gambling and prediction market cost users some fees for trusted third parties (e.g., casinos), and it is easy to be unfair to users. Nowadays, there are lots of DApps for gambling or prediction markets. For example, Etheroll [85] is a DApp for placing bets on our provably with no deposits or sign-ups. Each dice roll is provably random and cryptographically secure. Miller et al. [86] present a zero-collateral lottery protocol in Bitcoin and Ethereum. Cryptocup [87] is a DApp as a World Cup prediction game with ERC 721 tokens. Users will predict the World Cup matches to gain potential rewards. As for the prediction market, Peterson et al. [45] propose a decentralized oracle and prediction market platform called Augur.
A key problem of the gambling and prediction market is how to input the real-world result (e.g., champion of the World Cup) into the smart contracts. Adler et al. [88] propose AS-TRAEA, a decentralized oracle based on a voting game, to solve the problem. Oraclize [90] and Reality Keys [91] are also the oracle solutions.
There are also some challenges of this kind of DApps: (1) Centralized oracle: Although Oraclize and ASTRAEA try to help input real-world data to the smart contract, they are still not decentralized. A new oracle solution is an opportunity. (2) Not absolute truth: In the prediction market, the prediction result could be affected by the users. For example. The champion of the World Cup is input by the users. If most users choose to lie, the result could be fake. (3) Higher delay: Traditional gambling and prediction markets can ensure very low delay. But DApps require a higher delay in committing the block or voting for the result.
In summary, DApps show great advantages in many fields of applications. Table 2 shows the summarized advantages and challenges of different types of DApps.

V. PROBLEMS OF DAPPS
In this section, we will discuss the problems of DApps. We will summarize the problems of DApps into three fields: economics, security, and performance.

A. ECONOMIC POLICY AND RISK
In this survey, the economic problems of DApps fall into three folds: Incentive Policy, Risk Evaluation, and Miner Effects, as shown in Table 3.

TABLE 3. Economic Problems in DApps
Incentive Policy: In the above-mentioned DApps, including the DeFi, GameFi, and NFTs, there is a problem: How to attract users to use the DApp? The answer results in incentive policy economics. In other words, in most DApps, the common way to motivate users is to make users make money, which is an economic problem. For example, Uniswap [27] rewards the users with fees and governance tokens as incentives. OpenSea [44] returns the customized fees to the creators of NFTs as incentives. Qin et al. [92] propose an empirical study on the measurement of the incentive of the lending DApps by processing the on-chain blockchain data. Research on incentive policies can be an opportunity.
Risk Evaluation: As for a user, when using a DApp, the risk comes from many areas. Researchers have found some DApps that can be scams [93], [94]. Moreover, the risk also comes from market volatility. Qin et al. [92] measure various risks that liquidation participants are exposed to and quantify the instabilities of existing lending DApps. With more DApps being developed, measuring and managing the risk [95] for users can be helpful and challenging.
Miner Effects: Blockchain miners have large effects on DApps. Miner extractable value (MEV) is a measure of the profit a miner (or validator, sequencer, etc.) can make through their ability to arbitrarily include, exclude, or re-order transactions within the blocks they produce [96]. And lots of studies are proposed for MEV. FlashBots [97] provides a study on the front-running transactions on the DEX DApps. They also provide a tool for the Ethereum miners in the latter version, which has been applied to many miners to gain extra profits. Qin et al. [98] quantify the MEV in another perspective called blockchain extractable value. The MEV explorer website [99] shows that there are more than 24 million US dollars were extracted by miners in Nov. 2021. Hence, investigating the miner effects of DApps can be a research opportunity.
Economic Regulation: The decentralization of the DApps makes it hard for economic regulation. For example, Tornado-Cash [32] is a project designed for mixing cryptocurrencies in a decentralized way. This project enhances the privacy of users but also illegal assets. Therefore, some countries including the United States have restricted this project. For example, U.S. persons are prohibited from engaging in transactions involving TornadoCash, including through the virtual currency wallet addresses that the government has identified [101]. As mentioned before, although TornadoCash has been migrated to the decentralized file systems, its transactions are reported to be rejected [100]. More solutions for the balance between privacy and regulation could be research opportunities.

B. SECURITY RISK
Since most DApps are conducted with cryptocurrencies, security is very important. Once the DApps were attacked, billions of cryptocurrencies could be stolen, with no way to get the money back because of the features of blockchain. In this section, typical vulnerabilities and attacks will be presented, with the security solutions.
Vulnerabilities and Attacks: Section III shows different architectures of DApps. Web & Contract as a DApp is the most widely used architecture until now. This architecture can be abstracted into three layers: web, smart contract, and blockchain. Then these three layers can be attacked by different vulnerabilities, as shown in Table 4. Table 4 shows the vulnerabilities and attacks in real-world cases. The centralization in DApps resulted from the centralization of the Web GUI. As shown in Table 4, the Web layer is one of the most important vulnerable layers. In Dec. 2021, the frontend of BadgerDAO was tempered by hackers [102]. In this attack, various tokens worth about 120 million US dollars are stolen. Augur [45] and other DApps are reported with inconsistent synchronization bug [103]. MyEtherWallet is a famous DApp widely used as a wallet for transferring tokens. It is reported [104] to be attacked, and over $152,000 is stolen by the hackers via DNS hijacking. In November 2020, Infura.io was reported to be down for hours [105]. At that time, several DApp browsers were reported for exceptions of users' balances and DApp operations, which might cause wrong operations of users [106]. As for the DApp vulnerabilities resulting from blockchain and smart contracts, details can be found in previous surveys [115].
Recent Advances: As there are many vulnerabilities and attacks in DApps, the tools and solutions for DApps are urgently needed. And most tools are based on solving the vulnerabilities of blockchain and smart contracts. Formal verification works as one of the solutions. OYENTE [112] is built as a symbolic execution tool to find potential security bugs. The tool can check the bytecode of the contracts and then help the developers to avoid vulnerabilities. Bhargavan1 et al. [116] propose a framework for runtime safety and the functional correctness of smart contracts, translating the contracts to a functional programming language named F*. KEVM [117] is proposed as a complete executable semantics of the running environment of smart contracts. Another semantic framework is presented in asemantic as a complete small-step semantics of bytecode of smart contracts. DappGuard [118] is developed as a tool to classify known attacks from transaction data, protect the DApps from attacks and determine malicious actors to learn new attacks. DArcher [103] is a tool to detect onchain-off-Chain synchronization bugs for DApps. Pettersson et al. [119] implement a proof-of-concept compiler for smart contracts to reduce the risk of errors and the need for testing. CertiK [120] is a formal verification framework to help mathematically prove whether a DApp is hacker-resistant. Another way to maintain security is to generate smart contracts automatically. FSolidM [121], [122] is a framework rooted in rigorous semantics for designing contracts as finite state machines, with a tool to create the contracts on a graphical interface. Frantz et al. [123] propose a modeling approach to support the automatic translation from human-readable contract representations to executable smart contracts. Wohrer et al. [124] also find design patterns for smart contracts are found in detail and provide the code for better illustration. Modifying the mechanism of blockchain is also the solution. Karame et al. [109] propose a modification to the existing Bitcoin implementation to ensure the detection of double spending attacks. Chen et al. [125] propose an adaptive gas cost mechanism to defend against known and unknown DoS attacks with flexible parameter settings in Ethereum. Marino et al. [126] set the standards to alter and undo the smart contracts so that users can avoid losing money in the unsafe contracts. And the developers can also try to use safe smart contract programming languages, such as Pact and Liquidity, in which fewer vulnerabilities are found [127].
Research Opportunities: The security tools and solutions are great opportunities in both academia and industry. The research opportunities are summarized as follows: (1) Reliable Web for DApps Developing a reliable web layer of DApps is needed. There are two optional ways. One is to develop decentralized file systems. The other is to develop the tools that defend the centralized web page from attacks, such as Darcher [103]. (2) Formal Verification: Although there is already some research on the formal verification of smart contracts, the code of smart contracts is developing fast. Thus the formal verification of the contract code is still a good topic for research. (3) Standard Templates: For new DApp developers, it is difficult to write code that ensures no bugs or vulnerabilities. A possible solution is to provide standard DApp templates for the developers. This could be similar to the research of FSolidM [121], [122]. But this field is still quite blank. (4) More Vulnerabilities and Tools: DApps are still at a very early time. More platforms and types of DApps are in the working process. Thus more and more vulnerabilities and corresponding tools should be found to avoid economic loss. (5) Similarity Detection: For the new DApp developer, it is not easy for them to use formal verification tools and other vulnerability detection tools. However, it might be a good idea to conduct a similarity detection of the DApps. In this way, the developers can find out whether there are some similar vulnerabilities in their DApps.

C. LOW PERFORMANCE
This subsection discusses the challenges of DApps in performance and also presents the recent advances with a comparison.
Challenges: DApps have not yet been used as widely as PC and mobile apps because DApps do not meet daily use as easily as mobile apps. One of the most urgent problems is performance. There are so many DApps that suffer from the low throughput of blockchain systems. It is reported that Ethereum has been disrupted by DApps. Resulting from this, many DApps can not work well since the transactions can not totally be confirmed. And there are thousands of peers in a blockchain system, so it is necessary to know what is going on in the system. In this way, the people who run the peers can do some analysis or fix errors if the blockchain system becomes abnormal. But the peers belong to different parties. Thus here comes the challenges of how to monitor the whole status, including the blockchain transactions and overall performance. For example, EOS [15] is declared to achieve an extremely high throughput of hundreds of thousands. But Bitmex Research shows that the real-world throughput on EOS is not much better than the one on Ethereum [139].
In traditional distributed systems, there are some black-box studies such as Project5 [140], WAP5 [141], and the Sherlock system [142]. Therefore the universal or standard benchmarks of different blockchain systems are needed. Finally, some studies have shown that the availability of DApps can not meet the requirement of daily applications. Then how optimizing the performance of DApps becomes a challenge.
Recent Advances: The recent advances of blockchain-based DApps are summarized into the layer of blockchain and decentralized storage. (1) As for the blockchain layer, Zheng et al. [128] propose a scalable framework for detailed and real-time monitoring of blockchain systems, which has much lower overhead and more details about the blockchain systems compared with previous approaches. One of the main ideas is to divide the metrics into overall metrics for users and detailed metrics for developers. Weber et al. [129] a method to identify the availability limitations of Bitcoin and Ethereum, showing that the read availability is high while the write availability is low. Kalodner et al. [130] propose an open-source software platform for blockchain systems, which parses the data from the p2p nodes and raw blockchain data for users to monitor and analyze the system. Dinh et al. [131] describe frameworks for analyzing private blockchains in varying workloads. Gupta et al. [132] also propose a method for analyzing performance. Gervais et al. [133] present a novel quantitative framework for the security and performance of PoW blockchains. In some cases, DApps show low performance thanks to the limited query support of blockchain systems. Thus Li et al. [134] propose EtherQL as a query layer for Ethereum. It also provides two levels of interfaces for data retrieving or serving as a RESTful data provider. (2) As for the layer of decentralized storage, Abdullah et al. [135] record and analyze the performance metrics of IPFS [143] and FTP. Ismail et al. [136] evaluate the costs and latency of the existing decentralized file systems. Shen et al. [137] use Amazon EC2 servers to evaluate the performance of data I/O operations from the perspective of IPFS clients. Trautwein et al. [138] evaluate the performance of IPFS and uncover the characteristics of the IPFS peers.
Research Opportunities: Table 5 shows the comparison of metrics used in the performance of DApps. Thus throughput and latency are the two metrics on which many researchers focus. The main reason is that there is a big gap between the throughput and latency of DApps now and the requirement in real-world applications. And some other metrics, such as hardware consumption and fault tolerance, should also be evaluated in different blockchain platforms of DApps. There are many peers running the blockchain clients nowadays. Thus, these metrics are also the key metrics for the evaluation of DApp platforms. The rest metrics in the table, such as contract execution and consensus cost, seem to receive less attention. However, these metrics also reflect the bottlenecks of blockchain systems. If the throughput is high enough and the hardware consumption is low enough, these metrics will become the key to the next optimization of the DApps. Some research opportunities are listed as follows: (1) Performance of Contract Execution: Smart contract is one of the most important parts of DApp. There are already lots of research on the performance of the underlying blockchain system. However, the research on the performance of smart contracts is blank. (2) Standard Benchmark: Although there are some papers that focus on the benchmark of blockchain systems. However, as for DApp, there is no benchmark. A standard set of workflows or operations for the benchmark of DApp is necessary. (3) Automated Testing: There are many automated testing tools for traditional computer applications or mobile applications. That will help developers to know the reliability of the application. The testing tools for DApp are missing. Thus it is also an opportunity.

VI. CONCLUSION
This survey provides a comprehensive overview of the research on blockchain-based decentralized applications. The definition and typical architectures of DApps are summarized with their strengths and weaknesses. Moreover, we collect and categorize the DApps into different types with the details, of which the advantages over centralized solutions are presented. As for recent research aspects from economics, security, and performance in DApp, this article also provides an overview and the research opportunities in these aspects.