Scholars affiliated with the University of Pennsylvania recently produced a paper about digital currencies and initial coin offerings, “Coin Operated Capitalism.”
The gist of the paper is that the purchase of such tokens may be riskier than investors have thus far been led to expect and may entail more risk than can properly be said to have been priced in to the value of the tokens.
“Our main finding is, in a financial ecosystem built around the proposition that regulation is unnecessary because code is the final guarantee of performance, often ICOs are not embedding the governance promises they make—which protect investors against exploitation—in software code,” says David Hoffman, the leader of the group, and a contracts law expert at UPenn Law.
The team also includes Shaanan Cohney (a graduate student in both law and computer science); Jeremy Sklaroff, a recent graduate of the JD/MBA program at Penn Law and the Wharton School; and David Wishnick, an academic fellow at the law school’s Center for Technology, Innovation, and Competition.
This team studied the 50 ICOs that raised the most money in 2017, analyzing both the actual working of the cryptocurrencies they delivered and the promises made by the promoters in each case.
Red Flags
Although there is little academic literature on such points (and Hoffman’s team claims that theirs is the first detailed analysis of ICOs in the legal literature) the financial press has certainly carried some valuable prose on the subject. This spring, the Wall Street Journal ran a story headlined, “Buyer Beware: Hundreds of Bitcoin Wannabes Show Hallmarks of Fraud.” That story, by the WSJ’s Shane Shifflett and Coulter Jones, found as the headline suggests that 20% of the ICOs the reporters studied had red flags, or “hallmarks,” of fraud. For example, plagiarism of earlier ICO white papers in one’s own is one such red flag, and puffing-up of the profiles of the founders is another.
But Hoffman, et al. want to go far beyond anecdotes or the cataloguing of red flags. They hope that their study says something about “the uneasy relationships between law and technology in our present moment.” Smart contract design, in particular illustrates to these authors that “code does have the potential to become a substitute and complement for old-fashioned legal governance in financial contracting.” [Italics added.]
Nonetheless, the degree to which the assurances provided to ICO investors about risk management exceed what actually is in the code illustrates that this “potential” is not yet a reality.
Coding and Accessibility
These scholars are especially interested in ERC-30, the standard that has developed within the Ethereum community.
Within that community, “part of the appeal of crypto assets and smart contracts that operate on blockchains operates in their ‘immutable’ nature.” Whenever one party “holds the power to modify formal relations” unilaterally, the other parties bear a risk. This is a risk that, in popular conception, the very nature of the blockchain works against.
Ethereum nodes operate a virtual computer, or “machine,” (the EVM) which uses data and code (smart contracts) stored on the Ethereum ledger. The smart contracts exist in byte code, which the smart people on Hoffman’s team consider complex and hard to read, so I suppose there is little hope for the rest of us.
The underlying smart contracts aren’t written in byte code. They are written in a more intuitive code called Solidity, and a program called a “compiler” translates the Solidity source code into Ethereum bytecode.
This is important because it is one respect in which the Hoffman team considers it “incredibly unlikely that [investors] have the technical skills” to monitor a development team’s use of modification. This means that investor flight is not likely to work as a form of discipline for “hasty or abusive changes” of the terms initially set on such issues as the total supply of the tokens, the protocol for “burning” some tokens at intervals, etc. Managers could well be modifying contracts unilaterally under the cover of this technical opacity.
Do Prices Reflect the Opacity/Uncertainty?
The article pays special attention to the Polybius ICO. Polybius was aimed at the creation of a digital bank accessible everywhere at every time but with no branches or physical front-offices. Its white paper made several claims that, according to the Penn University scholars, “would lead us to expect certain features directly coded into tokens or other smart contracts.” But Hoffman and colleagues weren’t able to verify that such features had been coded into those contracts, “largely because Polybius’ coded governance exists in bytecode.” Hoffman don’t believe that the rules are coded. They are certain that “immutability has indeed gone by the wayside for a number of ICO projects.” With regards to Polybius in particular, they could be wrong, and if they are wrong and the rules are within the bytecode, they “hope to be corrected.”
At a minimum, the impenetrability of the bytecode creates grounds for uncertainty.
Could promoters say that this uncertainty is priced into the market value of the coins? These scholars say that the market metrics they have been able to observe don’t lend any support to the optimistic thesis that the uncertainties are priced in. Also, the “buy-side literature today rarely treats the guts of code as something worth considering.” Neither does the related but distinct body of valuation literature.
Yet if uncertainty on such key points hasn’t been priced in then, by definition, buyers/investors, are overpaying.