The computer code of the majority of the top-raising initial coin offering (ICO) token sales failed to deliver on whitepaper promises to protect investors.
That’s the finding of two academics, David Hoffman, a law professor at the University of Pennsylvania and David Wishnick a fellow at the same institution, who together conducted a survey of the 50 ICOs that raised the most amount in the 2017 fundraising frenzy.
According to the pair “ICOs birthed a thousand millionaires” before the bubble burst.
The crypto code is not law – token sale contractual promises not coded
Hoffman says the central innovation of ICOs rested on the “possibility of using computer code to deliver on contractual promises.
The researchers compared the promises in the whitepaper to the actual computer code of the project to see to what extent promises had been hard-coded in.
Professor Hoffman found that the majority of projects failed to deliver on promised investor protection.
Things as fundamental as token supply were not coded into 20% of the cryptoasset surveyed which means that there was no protection against an ICO promoter simply minting more coins, thereby diluting the value of the tokens held by ICO investors.
Protection against team exits not in code of ICO smart contracts
Another key consideration for any investor doing their due diligence was the team lock-in to prevent them selling up and leaving investors high and dry.
Alarmingly, the University of Pennsylvania survey discovered that 25 of the 36 projects with explicit restrictions on team divestment had not included the parameter in their code.
Even worse, the academics found 12 cryptoassets that allowed a centralised entity to modify smart contract code, flying in the face of what is meant to be the essence of blockchain architecture where no trusted third party of centralised gatekeeper is present.
Of those 12 offending projects just four of them shared this information with investors.
Additionally, Hoffman says he “found no evidence that investors punished firms for failing to put investor protections into code”.
He said crypto rating agencies focused on the security risks around smart contracts but neglected to consider whether the code conformed with the promised investor protections.
With such lax practices in the industry, the individual private investor is burdened with having to audit the code themselves, an onerous task, if not impossible, for the average individual.
Bitmex Research published a report in January this year showing that ICO teams gave themselves a nominal $24.2 billion in tokens,
More crypto regulations for the SEC to consider
The solution proposed by Hoffman is for projects to be required to match promises in the whitepaper with deployed code, or to force cryptoasset promoters to provide plain English walkthroughs of what the code does.
As is so often the case in the crypto industry, the crypto projects can be their own worst enemy.
“Such market integrity measures won’t just protect investors, they will also build trust in the asset class itself and enable it to move from a curiosity to something of real economic worth,” Hoffman concludes in an article published in the print edition of the Financial Times.
Did you invest in an ICO? Do you know whether the project smart contract had investor protection hard-coded in? Share your experiences in the comments below and help to inform other investors.