According to new research findings from the University of Pennsylvania, many ICOs are taking their investors’ trust for granted. Not only do ICO developers seem to not implement promised features, the investment market as a whole seems to be optimal for ICOs that can be modified at any time. The researchers dug deep into code and public statements from the fifty top-grossing ICOs—finding evidence in the form of smart contracts, white papers and social media posts:
“Our results show that the vast majority (40 out of 50) of the top-grossing ICOs of 2017 had major problems with how code bore out their anti-exploitation disclosures.”
The paper approached the problem from three angles:
1. Whether ICOs promised to restrict the token supply
Limitations on token supply and circulation are essential parts of ICOs and affect a token’s market value. Although researchers found that the initial “minting” of tokens does hardcode a limit into an ICO’s token supply, they also found that other processes were not set in stone.
The paper examines the Kin token, noting that although smart contracts limited how much Kin could be dispensed to ICO investors, this cap can be changed at any time. In another example, the paper also found that token burns are not fully coded into Paragon and that Paragon’s transaction fees would deplete the token supply.
2. Whether ICOs promised to restrict the transfer of tokens to insiders
Many ICO startups allocate tokens to insiders but do not release those tokens immediately. Researchers found that Kin included a detailed vesting plan that allocated the token to both the Kik corporation and the Kin Foundation, trickling out tokens on a very specific schedule. Although the researchers found code for these grants, they found that the tokens went to a single trustee rather than the separate organizations:
“In other words, there’s nothing about the token code that enforces separate ownership…Instead, it depends entirely on … offline governance features.”
3. Whether ICOs retained code that could be modified, and whether this was disclosed
Many ICOs were found to retain centralized power through code that was accessible to ICO teams. The paper cites the recent hack of the Bancor exchange in which Bancor froze its native token. This event apparently led some people to turn their attention to the fact that tokens and smart contracts often have “kill switches”:
“[Many] ERC-20 tokens give centralized authority to the contract owner (ie. the company who did the ICO) to mint new tokens, pause all transfers, or overhaul the contracts inner-workings via an upgrade.”
In the domain of cryptocurrency, where an immutable, publicly auditable blockchain is the ultimate selling point, this report is a major blow to the already fragile status of ICOs. Although some ICOs are outright scams or have no value, it is not very reassuring that others are simply unreliable.
The post Penn Study: 4 In 5 Leading ICOs Don’t Keep Promises and May Contain Backdoors appeared first on UNHASHED.