Researchers from the University of Pennsylvania have found that a significant number of ICOs retained centralized control through undisclosed code.
Backdoor Centralization
The full paper, titled Coin-Operated Capitalism and published on July 18, is an “interdisciplinary effort spanning law, economics, and computer science,” according to University of Pennsylvania Law Professor David Hoffman.
The researchers looked at the top fifty ICOs which raised a total of $2.6 billion USD in revenue with the notional initial market cap of $3.8 billion. “We looked at the top fifty ICOs from 2017 taking into account every white paper, T&C and prospectus, every available piece of code, and every social media post we could get our hands on,” says Hoffman.
One of the biggest takeaways is that many ICOs did not promise that investors will be protected from insider self-dealing. In other words, there was no guarantee that the tokens won’t be subject to pumps and dumps by ‘whale’ traders, insider trading, and other market manipulations.
What’s worse, an even smaller number of projects actually expressed their promises in code. Specifically:
- of 37 that promised vesting, 80% didn’t code it;
- of 32 that promised supply restrictions, 25% didn’t code it;
- of 17 that promised burning, 35% didn’t code it;
- of 10 with tokens that could be modified (like Bancor), only 4 disclosed that right in English.
Ironically, the study found that investors “didn’t react to the absence of coded governance rules” despite buying into promises of self-regulation, disintermediation, and ‘trustless’ transactions.
Hoffman notes that a substantial portion of ICOs also exaggerated their claims of decentralization as they still required trust and centralized decision-making. He explains:
Surprisingly, in a community known for espousing a technolibertarian belief in the power of ‘trustless trust’ built with carefully designed code, a significant fraction of issuers retained centralized control through previously undisclosed code permitting modification of the entities’ governing structures.
Such ‘modifiabilities’ were found in the Polybius ICO, for example, whose smart contract code “extended well beyond changes to tokenholder voting rules.” Hoffman adds:
So there’s actually a lot of ‘trust’ in this market.
Code Isn’t Law
The findings also undermine the idea of “code is law” and self-regulation, at least for the time being.
On one hand, investors must trust the development team to actually build the product they hype in their whitepaper. On the other, they must have faith “that ordinary contract law litigation will back up old-fashioned terms of use, or that the byte code, which essentially no one will or could parse, renders those promises operable.”
It comes as no surprise that blockchain projects so far have a 92 percent failure rate and an average lifespan of just 1.22 years. Meanwhile, 20 percent were found to be scams, according to a recent report.
Though given SEC’s recent statement that “decentralized” cryptocurrencies such as Bitcoin and Ethereum aren’t securities, these findings could help regulators determine which ICOs are unregistered securities, i.e. “centralized” tokens.
The paper concludes:
As smart contracts play increasingly crucial roles in transactional relationships, courts and regulators will invariably be confronted with them in day-to-day practice. Legal actors will perhaps be faced with the task of assessing smart-contract quality to determine whether its producers lived up to duties found under paper-contract or background law.
Will these findings deter you from investing in future ICOs? Share your thoughts below!
Images courtesy of Shutterstock.
