Pashov — an expert in smart contracts security reviews — has reviewed the freshly launched stablecoin: Paypal USD (PYUSD), by one of the largest payment companies in the world, PayPal (NASDAQ: PYPL). The PYUSD was announced on August 7 and the brief review was posted on Twitter (X) on the same day, with some concerning revelations.
“The new Paypal USD stablecoin has an “assetProtection” role which can wipe your balance in two transactions (first `freeze`, then `wipeFrozenAddress`). In smart contract security we call this a ‘centralization attack vector.’”
— Pashov (@pashovkrum)
According to Pashov, PayPal will be able to concede a special role to selected development team members, which will be able to execute delicate code functionalities, such as freezing accounts and cleaning frozen account balances.
Picks for you
The expert was able to access the smart contract source code at etherscan.deth.net, a platform for public code audits on Ethereum (ETH) smart contracts.
As in his Twitter bio, Pashov has “done over 30 solo smart contract security reviews, found over 40 Critical & High severity issues. Protected 8 figures of TVL”.
Other centralization concerns
The original poster also states that this “centralization attack vector” is also present on leading stablecoins such as Tether USD (USDT) and Circle USD (USDC), as both have similar code functions.
David “JoelKatz” Schwartz, CTO at Ripple (XRP), says this is “nonsense”. Pointing to the fact that the centralization actually lies “on PayPal being legally obligated to redeem it [PYUSD] for dollars”.
“This mitigates that risk by helping to prevent innocent people from receiving tokens that PayPal is not legally obligated to redeem.”
— David “JoelKatz” Schwartz, CTO at Ripple
Other crypto enthusiasts and specialists are also assuming a critical position in this new PayPal endeavor. Sasha Hodder, founder of Hodder Law Firm, lists a few other centralization attack vectors that she was able to find in the project’s terms and conditions:
- Full KYC
- Custody by Paxos
- Tied to your PayPal login
- PayPal can reverse any transaction
- Claimed to be fully backed by actual USD
“All the censorship capabilities of a CBDC, but launched by big tech instead of the government”.
— Sasha Hodder
However, there are a few Ethereum supporters on Twitter celebrating the fact that this big company from the traditional finances (TradFi) has chosen the Ethereum Network to build their stablecoin, the Paypal USD. Which, in their opinion, helps to validate the use case for smart contracts blockchain in the leading project by market cap.
