A random walk down blockchain hell
Do we really need a Blockchain powered by Oracle or a PayPal stablecoin?
Dear frontrunners,
Remember the phrase “A decentralized, trustless, permissionless peer-to-peer network?” These words were used in the Bitcoin, then Ethereum, whitepapers published in 2008 and 2014. I think as web3 and the crypto economy continue to advance, the principles which served as crypto's foundation are unfortunately becoming less relevant. This is true for both builders and crypto consumers. This analysis frames crypto’s original “first principles” against the emerging enterprise blockchain space and PayPal’s recent stablecoin announcement.
To level-set, let’s define the words decentralized, trustless, and permissionless:
Decentralized = Control & decision making is performed by a distributed network of entities not beholden to a single individual, group or organization.
Trustless = There is no need to place trust in a third party such as a bank, person, or intermediary.
Permissionless = No centralized gatekeepers and/or intermediaries throttling access to the network or underlying data.
A random walk down blockchain hell.
Enterprise blockchain is a concept I hope never catches on. We do not want a blockchain powered by Oracle, Microsoft, Google, or heaven forbid Amazon. The unfortunate reality is all of these companies already have some blockchain tech in flight, and as you can imagine, all of these vendor offerings are permissioned, centralized, and trusted.
Amazon’s Managed Blockchain: a proprietary, permissioned “managed blockchain” built on Hyperledger.
Microsoft Confidential Ledger: a web3 data store hosted in “trusted execution environments” aka Azure.
Oracle Blockchain cloud: a “multi-cloud, interoperable blockchain” available on-premise, hybrid or fully cloud.
To be honest, I’m not sure why anyone would want an “on-premise” blockchain solution or why it’s preferred over web2 SaaS solutions or a private data center running MySQL. Are we seriously telling corporations like Ford Motor Company or General Motors to go buy some land in the Nevada desert, build a data center, stack it with commodity hardware, install Oracle’s private blockchain suite, then use it to manage the distribution & fulfillment of vehicle parts across their supply chain?
If you ask Lord Ellison and his team of crypto disciples at Oracle, the answer is yes. In Oracle’s sample blockchain tutorial, you can learn how to deploy their permissioned network to, you guessed it, operate as an automobile manufacturer using blockchain technology to provide “transparent tracking of the production, transfer and management of auto parts”. Ok. I’ll bite. Seriously, here is the tutorial.
Oracle’s blockchain service interacts with price & data oracles, writes transactions to the permissioned, private “on-premise” blockchain, while other off-chain systems (websites, IoT devices, etc) consume the blockchain with guaranteed assurances of finality and transparency.
I recently had dinner with a former colleague who happens to be stuck in Fortune 500 hell, where I posed a simple question: WHY? Why are we seriously entertaining this insanity?
His answer, while depressing given we’re in an era of self-driving cars and generalized AI, can be summarized as follows:
Supply chain visibility remains hard for really large companies executing really complex transactions.
For example, imagine Ford wanted to buy 10,000 pallets of car batteries from their supplier, the Chongqing Battery Company. What parties would need to be in place to facilitate that transaction?
The buyer - Ford Motor Company
The supplier - Chongqing Battery Company
The financier - The People’s Bank of China
The parties interact as follows, with risks noted under each step:
Ford places the order with the Chongqing Battery Company
Chongqing requests a loan from the People’s Bank of China
Ford has limited to zero transparency on the financing details between Chongqing and our communist friends at the People’s Bank of China. Ford is the “blind party” in this case. Are these two parties colluding to screw Americans with unfavorable terms or even cook the books? Only Xi Jinping and the Ministry of Commerce can answer.
Chongqing invoices and ships the batteries to Ford
Is Chongqing executing the agreement in accordance with the negotiated terms set forth by their friendly neighborhood communist bank? Probably, but in this scenario, the “blind party” is the People’s Bank of China.
Ford pays Chongqing for the batteries
The People’s Bank of China is again the blind party in this scenario. The bank has limited to zero insight on the transaction value and actual terms of execution between Ford and Chongqing.
Chongqing repays the People’s Bank of China, which closes the loan record
Did Ford overpay relative to the negotiated terms used by Chongqing to obtain the commercial loan? Was there ever a loan? Are Chongqing and the People’s Bank of China the same entity? Ford is the blind party in this step.
What I’ve described is the ELI5 version of the actual conversation I had with my Fortune 500 friend, who summarily concluded that “permissioned blockchain technology” solves all of these problems and more, including:
Enhanced traceability of raw materials
Improved financial controls and contracting with transactions
…by “providing a ledger of transactions useable by multiple parties in a verifiable, tamper-proof way”.
If Ford, Chongqing Battery Company, the Bank of China, or whoever else is using commercial software to facilitate these transactions, even if that software is blockchain, aren’t these parties subject to the same issues outlined in my prior analysis, “Code is law, sometimes”?
Specifically, the upgradability of the code, in this case the open-source “Hyperledger” technology, is the centralization vector. This is because the rules used to define the permissioned nature of the stack are subject to change at the discretion of AWS, Oracle, Microsoft, and the governments where these companies operate.
Don’t think this will happen?
Do you remember COVID and the US regulatory response to social media platforms spreading “misinformation”? The answer was clear: Censor all individuals, entities, and creators who publish content that doesn’t align with the government’s official response or we will fine you into oblivion.
Is this really any better than the web2 tech that exists today? Wouldn’t it just be easier & cheaper to create a private system accessible by all parties (Bank of China, Ford, Chongqing) instead of reinventing the relational-database wheel on a bastardized fork of Ethereum?
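What “verifiable, tamper-proof” amounts to mechanically, as an added example that is not from the original post: a hash-chained log in plain Python over constructed records for the Ford scenario. It assumes a single operator with write access, and shows that a full rewrite is only caught by a party that keeps its own copy of the head hash.

```python
import hashlib
import json

GENESIS = "0" * 64

# Constructed records for the Ford / Chongqing / bank scenario (amounts invented).
RECORDS = [
    {"step": "order", "by": "Ford", "pallets": 10000},
    {"step": "loan", "by": "Bank", "amount_usd": 5_000_000},
    {"step": "invoice", "by": "Chongqing", "amount_usd": 6_000_000},
    {"step": "payment", "by": "Ford", "amount_usd": 6_000_000},
]


def entry_hash(prev_hash, record):
    """Bind a record to everything written before it."""
    payload = prev_hash + json.dumps(record, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(records):
    chain, prev = [], GENESIS
    for record in records:
        prev = entry_hash(prev, record)
        chain.append({"record": dict(record), "hash": prev})
    return chain


def verify(chain, trusted_head=None):
    """Recompute every link; optionally compare with a head hash held elsewhere."""
    prev = GENESIS
    for entry in chain:
        if entry_hash(prev, entry["record"]) != entry["hash"]:
            return False
        prev = entry["hash"]
    return trusted_head is None or prev == trusted_head


def scenarios():
    chain = build_chain(RECORDS)
    head = chain[-1]["hash"]  # copy each party stores outside the operator's system
    edited = build_chain(RECORDS)
    edited[1]["record"]["amount_usd"] = 1  # row changed, stored hashes left alone
    forged = [dict(r) for r in RECORDS]
    forged[1]["amount_usd"] = 1
    rewritten = build_chain(forged)  # operator recomputes every hash
    return {"original": verify(chain, head), "edited_row": verify(edited),
            "rewritten": verify(rewritten), "rewritten_vs_head": verify(rewritten, head)}
```

The rewritten chain passes its own internal check, so the guarantee rests on who controls the write path and on whether each party anchors the head hash independently.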
We can at least take solace in knowing that the DeFi community isn’t subject to these risks, right? The unfortunate reality is no. Censorship and government oversight are coming to a DeFi protocol near you. Case in point: PayPal’s PYUSD stablecoin.
PayPal’s stablecoin
On August 7th, 2023 PayPal announced its venture into the stablecoin space with the PYUSD stablecoin.
Although the vision of “onboarding the world to crypto” is near and dear to my heart, the PYUSD stablecoin violates all three of the aforementioned tenets of crypto and should be categorically rejected by DeFi users who give a damn about privacy, decentralization, and government regulatory oversight.
Here are three reasons why:
PayPal can freeze and wipe the balance of a user’s PYUSD holdings. Here is the PYUSD smart contract source code:
This is a centralization risk, the antithesis of “decentralization.” One entity has carte blanche authority to destroy your net worth. Maybe the US DoJ says you’re a threat to national security and subpoenas PayPal to freeze your assets. How is this any different from the current deep-state relationship the US federal government has with our corporate banking institutions? It’s not.
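The freeze-and-wipe power described above, modelled as an added Python example; this is not the PYUSD contract or PayPal's code. The role name, method names, the freeze-before-wipe ordering and the burn on wipe are all assumptions made for illustration.

```python
class FreezableToken:
    """Toy ledger: one privileged key can freeze and wipe any holder."""
    def __init__(self, asset_protection_key, balances):
        self.asset_protection_key = asset_protection_key  # hypothetical role name
        self.balances = dict(balances)
        self.total_supply = sum(self.balances.values())
        self.frozen = set()

    def transfer(self, sender, to, amount):
        if sender in self.frozen or to in self.frozen:
            raise PermissionError("address frozen")
        if self.balances.get(sender, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

    def _require_role(self, caller):
        if caller != self.asset_protection_key:
            raise PermissionError("caller lacks the asset-protection role")

    def freeze(self, caller, target):
        self._require_role(caller)
        self.frozen.add(target)

    def wipe_frozen(self, caller, target):
        self._require_role(caller)
        if target not in self.frozen:
            raise ValueError("target must be frozen before it can be wiped")
        seized, self.balances[target] = self.balances.get(target, 0), 0
        self.total_supply -= seized  # assumption: wiped tokens are burned
        return seized


def rejected(action):
    try:
        action()
    except (PermissionError, ValueError):
        return True
    return False


def demo():
    token = FreezableToken("issuer", {"alice": 100_000})  # constructed holders
    outsider = rejected(lambda: token.freeze("alice", "bob"))  # caller has no role
    token.freeze("issuer", "alice")
    blocked = rejected(lambda: token.transfer("alice", "bob", 1))
    seized = token.wipe_frozen("issuer", "alice")
    return {"outsider_rejected": outsider, "transfer_blocked": blocked,
            "seized": seized, "alice": token.balances["alice"], "supply": token.total_supply}
```

The holder's key never signs anything in this sequence; every state change is authorized by the single role key, which is the trust assumption a holder should look for in a token's admin functions.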
The PYUSD custodian can halt conversions and withdrawals
PYUSD is a custodied asset; this means you are trusting another entity to not only hold your assets but to also let you withdraw your assets when you want. It’s one big pinky promise.
In this scenario the asset is PYUSD, and the conversion is PYUSD → USD. If you have $100,000 in PYUSD and want to “cash out”, your withdrawal is submitted to a queue served by the entity holding real USD, in this case Paxos Bank. Paxos burns the PYUSD and remits USD to your account via a wire transfer.
Does Paxos sound familiar? It should, it is the same custodian that Binance used when CZ announced the BUSD stablecoin and auto-conversion of USDC to BUSD on the Binance network:
Binance did this to erode the USDC market share and increase the Binance.us presence within the United States. The problem? Paxos is a TradFi boomer bank that operates under US banking hours: 9:00 AM to 5:00 PM EST. Last December, under the FTX & Binance regulatory FUD, BUSD experienced a peak of ~$3B USD in daily withdrawals …
…that Binance could not serve because the Paxos Bank of NYC wasn’t open: literal physical constraints on stablecoin withdrawals as a byproduct of TradFi working hours. CZ ultimately issued a statement to calm crypto twitter, indicating withdrawal delays were a function of bank operating hours…
…can you imagine a crypto future where custodied stablecoin asset withdrawals are delayed or subject to banking operating hours? I can’t. Nor do I want to imagine centralized custodians unilaterally dropping support for a specific stablecoin under the pressure of US regulators, which is exactly what Paxos did with BUSD.
Four months after CZ’s tweet, Paxos dropped support for BUSD under the spotlight of US regulatory pressure. The end result? In one quarter the BUSD supply, previously custodied by Paxos, the same custodian of PYUSD, dropped from $22B USD to $11B USD. PayPal selecting Paxos as their stablecoin custodian is a trust risk: we are trusting that Paxos will serve redemptions for any amount at any time. How did that go for Binance?
PYUSD is subject to US stablecoin legislation
The dilemma of large US corporations partnering with US-based custodians is that both parties are subject to the regulatory hell set forth by a segment of the population that is both corrupt and mediocre: U.S. lawmakers. Despite the nascent state of digital currency, US House Republicans recently published their draft version of stablecoin legislation which outlines the potential impact of a federally issued central bank digital currency.
The punchline?
The US SEC, and only the SEC, decides which banks and non-bank institutions can issue stablecoins, eloquently called “Permitted payment stablecoin issuers”.
But how does the SEC decide who becomes a “permitted stablecoin issuer”? In this 42-page draft, not a single measurable or specific rule that outlines issuer eligibility is disclosed. Instead, the draft offers a series of generic & qualitative characteristics institutions must follow to be eligible, specifically:
Financial Stability: The issuer's financial health, capital reserves, and ability to maintain the one-to-one backing for the stablecoin.
Operational Integrity: The issuer's operational capabilities, security measures, and technological infrastructure.
Transparency and Reporting: The issuer's willingness and capability to adhere to reporting requirements, undergo audits, and maintain transparency.
Compliance with Existing Laws: The issuer's track record of compliance with other financial regulations, anti-money laundering (AML) standards, and counter-terrorism financing (CTF) regulations.
Management and Governance: The quality and integrity of the issuer's management team, governance structures, and risk management protocols.
- US House proposal for stablecoin regulation, June 2023
It gets worse. The draft outlines carte blanche rules that define how the SEC has regulatory authority to issue, revise, update, and implement new orders or rules which the “permitted payment stablecoin issuers” are mandated to follow, should they desire the privilege of being a chosen one.
What guardrails does the draft put in place to ensure our unelected leaders of the SEC act with impartiality and in the interest of the people? If you’re still reading this, you know the answer: there are no guardrails!
The rulemaking section of this legislation provides US regulators unchecked authority to issue orders, rules, and regulations across three vectors associated with:
Regulatory Oversight: The primary Federal payment stablecoin regulators have the power to oversee and regulate the issuance and management of stablecoins. This oversight ensures that stablecoin issuers adhere to the standards and requirements set forth in the act.
Flexibility in Regulation: The regulators have the discretion to issue new rules or modify existing ones as the stablecoin market evolves. This flexibility allows the regulators to address emerging risks and challenges in real-time.
Enforcement: The regulators have the authority to enforce compliance with the act. Non-compliance can result in penalties, restrictions, or other corrective actions.
- US House proposal for stablecoin regulation, June 2023
Do we really want to grant our regulators unlimited authority in deciding who gets to issue stablecoins, while permitting them to change the rules of the game at their sole discretion? Do we really want to bring the TradFi “too big to fail” banking system to crypto? Do we want the US government to decide how stablecoin institutions transact and who they transact with? I don’t, because if we did, the de facto result would be a permissioned stablecoin network of government-approved big banking institutions operating as the invisible hand of the SEC.
The PayPal PYUSD stablecoin and all centralized stablecoins are permissioned, trusted, and centralized. If you care about DeFi, I urge you to exclude these assets from your crypto portfolio.
This is no different from the US Transportation Security Administration deciding to launch a digital enforcement division tasked with “identifying enemies of the state and keeping our digital sky safe”. It would truly be blockchain hell.
To knowledge and wisdom,
John Cook
August 14th, 2023
San Francisco, CA
www.frontruncrypto.com
Article cover generated by DALL-E: “A Van Gogh style painting of a random walk down blockchain hell.”
Great read thanks John!
Thanks for this John. In your opinion, is there any scenario in which enterprise blockchains can coexist with the original decentralized vision, or are they fundamentally opposed?