After Ripple Labs achieved a significant victory against the U.S. Securities and Exchange Commission (SEC) in July 2023, the crypto industry experienced an uplifting wave of optimism. This positive atmosphere prompted traditional financial institutions (TradFi) to once again express their interest in the cryptocurrency market. In line with this growing trend, PayPal recently made headlines by announcing the imminent launch of PYUSD, a stablecoin backed by the U.S. dollar, scheduled for early August.
Unfortunately, the introduction of PYUSD has left crypto enthusiasts disheartened, and their concerns extend beyond personal biases. The smart contract code for PYUSD exposes numerous issues and vulnerabilities that directly contradict the decentralized principles of the crypto world. Neglecting to address these concerns promptly could potentially pave the way for other institutions to disregard crypto’s fundamental values, leading to a reshaping of the industry according to their own preferences while disregarding the established crypto community.
The Challenge of Centralizing PayPal’s Code
Before delving into the actual code of PYUSD, it’s crucial to grasp its purpose: it can only be purchased from PayPal and currently can only be sold back to PayPal. Essentially, it represents a modernized crypto version of a closed-loop financial system or a protected garden.
At first glance, this may not raise immediate concerns. However, given PayPal’s history of censorship, account closures without justification, asset seizures, and lack of transparency, it’s only natural to question a crypto token controlled by an entity that holds the power to seize your funds for trivial reasons.
It’s important to note that these opinions are based on the initial PYUSD contract released in early August, and the code of this contract can be modified at any time. It may still be in the beta stage.
Upon scrutinizing PYUSD’s code, certain vulnerabilities come to light. Some of these issues are inherent to smart contracts, such as the potential for freezing or wiping out account balances if exploited. This undoubtedly erodes trust in the stablecoin and hinders its adoption.
In terms of security, the stablecoin’s blacklist function cannot be overlooked. It’s worth clarifying that other notable stablecoins like Circle’s USDC and Tether’s USDT also employ a built-in blacklisting mechanism to prevent unauthorized access by hackers and criminals. Utilizing a blacklist is virtually an industry standard.
However, implementing a blacklist typically requires a government order or proof of hacking to lock funds, and these funds can be unlocked if circumstances change.
PYUSD’s code includes a function called “wipeFrozenAddress” that clears the balance of a frozen address and permanently removes the associated tokens from the total supply, similar to discarding dollar bills into a fire.
Additionally, PYUSD features a built-in “pause” capability that implies PayPal can universally halt transfers or trades of its tokens at any moment, potentially leading to significant value loss. Imagine if the U.S. government could render all the physical dollar bills in your wallet unusable with a single button press, and you only discovered it when trying to buy a cup of coffee.
With PYUSD, the discretionary power to confiscate funds from users solely lies in the hands of a company that has repeatedly shown an inability to be trusted with such authority.
Moreover, the code’s “assetProtection” feature poses a threat to the decentralized vision of the crypto world, echoing the flaws observed within traditional finance (TradFi) that prompted the creation of crypto and decentralized finance (DeFi) in the first place.
This “centralization attack vector” only solidifies the perception of PYUSD as a digital rendition of traditional fiat currency, diverging from its intended role as a decentralized stablecoin.
How does PayPal’s stablecoin affect others?
Beyond the code flaws, PayPal’s entrance into the stablecoin market represents a significant shift in the traditional financial sector’s perception of cryptocurrencies.
Given PayPal’s influence, it’s not surprising that other prominent payment processors, already exploring the world of cryptocurrencies, would view this as a signal to ramp up their own efforts. However, blindly imitating PayPal’s approach would be unwise.
In the short term, crypto exchanges and projects will likely capitalize on PayPal’s widespread reach and user base by integrating PYUSD or offering support for it. Crypto companies may even experiment with its capabilities and leverage PayPal’s brand recognition to bring attention to their own products.
Yet, in the long run, advocates of decentralization may hesitate to fully embrace PYUSD when compared to more established, regulated, or non-regulated stablecoins. This hesitation stems from PayPal’s past punitive actions and limited liquidity.
Even if PYUSD fails to meet expectations, the changing sentiments within the traditional financial sector after PayPal’s entry into the stablecoin market point towards a brighter future for decentralized finance (DeFi) and cryptocurrencies as a whole.
Analyzing the features embedded in PayPal’s smart contract exposes its excessive control over users’ finances. The sole authority to determine “misinformation” and impose financial penalties raises significant concerns.
Likewise, the ability to transfer all funds from user wallets to PayPal creates reluctance among crypto enthusiasts who see it as contradicting the principles of cryptocurrency. This hesitancy could potentially deter potential adopters.