State of Stables: Curve, PayPal, CBDC’s, What’s Next?

What is Curve?

Curve is a decentralized exchange (DEX) that is at the very core of decentralized finance (DeFi). It lives primarily on the Ethereum mainnet and was one of the first pioneers of veTokenomics.

Why Does It Matter?

As mentioned above, Curve is a critical component of the DeFi ecosystem at large. You could say it is a “blue-chip” of DeFi along the likes of Uniswap. What makes Curve distinct is its speciality surrounding stableswaps. It’s an ideal venue to, and important source of liquidity for, swapping stablecoins. If you’ve had a keen eye on the stablecoin subject, you’d know that alternative versions of Curve are being adopted by the likes of the Bank for International Settlements (BIS) for Central Bank Digital Currency (CBDC) pilots.

Embracing veTokenomics was a pivotal moment for Curve and DeFi more broadly as it solved a few problems. For stablecoins specifically, the model promotes the addition of more liquidity to pools thereby strengthening a stablecoin’s ability to keep its peg (e.g. tied to $1 USD).

Curve/Vyper Hack of July 30th, 2023

This event led to $73.5 million being compromised across multiple projects within Curve’s pools. Paul Revere in this instance came in the form of NFT lending protocol JPEG’d whereby announcing they were hacked for near $11 million. In a now deleted Tweet, Curve seemed to imply this was a flaw with the JPEG’d protocol. A few minutes later it became clear that certain Curve pools were at risk. This suddenly created a footrace between white-hat hackers and black-hat hackers. There was no time to be the turtle, only the hare. Soon after, Alchemix and Metronome lost $13.6 million and $1.6 million respectively in a similar fashion to JPEG’d.

Vyper is a smart contract programming language similar to the likes of Solidity. There’s been controversy as to “who’s to blame”, is it Curve, is it Vyper? The issue stems from a vulnerability within an older version of Vyper, specifically the compiler. This is what turns programming languages into machine code, the typical 0’s and 1’s we all come to think of when we think of computers. A reentrancy attack is an exploit where a smart contract (1) calls another smart contract (2). 2 calls back to 1 before 1 is able to finish executing. Because 2 can call back to 1 before 1 finishes executing, it can read and modify old values before 1 has the chance to update them. Reentrancy locks are meant to prevent these attacks, but because of a critical bug in the compiler, here we are today.

You still might be asking, what is a reentrancy attack? In its simplest form, imagine you have a voucher for 1 glazed donut. The employee at the counter goes to get your donut before taking the voucher. While they’re getting your donut, you call another server over to get you a donut as well.

Unbeknownst to the store and its employees, you just acquired 2 donuts instead of 1. This is what black-hat hackers did to the alETH/msETH/pETH pools on Curve. Not all is lost however, The Block recently reported that Curve has recovered about 70% of the stolen assets.

Although the situation was tragic and detrimental, events such as these are helpful for institutions like the BIS as they continue to go through research and development. If a functioning system is to exist at a global scale, bugs and errors like these cannot exist.

If you’d like to take a deeper dive into the technicalities of the Curve hack, I’d recommend checking out this episode of the Empire podcast. Lastly, if you’d like to learn more about reentrancy attacks, check out this blog post from Chainlink discussing The DAO hack.

PayPal’s Stablecoin: PYUSD

Other big news comes in the form of PayPal’s stablecoin. PYUSD will be issued by Paxos who also worked with Binance to issue BUSD. PayPal’s stablecoin will be based solely on Ethereum, at least initially. Not to mention, it will soon be available on Venmo. In 2022 it was estimated that 77.7 million Americans alone were active on Venmo.

If you read my previous article on interoperability, you might be thinking: “Hmm this is analogous to Swift and Chainlink providing ease of on-chain access to institutions. Exactly! It is on-ramp moments like these that drive adoption, bring in users, and help technology scale. The major difference here is that PYUSD is focused on the end-user, not institutions, particularly with the Venmo integration. The fact major developments are occurring for both parties is critical, and indicative of what the the on-chain future might have in store. It is also important to mention PayPal’s decision to go with Ethereum only further validates Ethereum as a global frontrunner.

Something critical to mention regarding PayPal’s stablecoin lies directly within the code. The functions ‘freeze’ and ‘wipeFrozenAddress’ allow PayPal to freeze and eliminate an address whenever they deem fit.

There’s been a lot of buzz regarding these functions, however, something that is often missed is that other stables have similar functions. This includes USDT and USDC. These functions do have critical utility despite the backlash of centralized control, censoring criminal groups and unethical hackers being one of them. In fact, USDT and USDC have over $500 million frozen for activities such as this.

If you’d like to dive into the numbers further, check out this Dune Dashboard!

Future Implications + FedNow

It’s no secret the road to regulatory clarity has been full of twists and turns. However, this is especially true as it pertains to the rollout of stablecoins. The political sphere has special interest in this topic for various reasons, one of the most prominent being FedNow in the United States. Although FedNow currently has no public initiative on CBDC’s, experts are alluding FedNow to be the precursor to the digital dollar. If PYUSD or any other stablecoin garners a concrete position in society, it will only be that much harder to enforce the implementation of FedNow. But what does that imply? By design, blockchain technology allows any and every transaction to be viewable and traceable. Through the lens of government oversight, control, support, censorship or however you personally view the intent, there is an unruly incentive for the federal government to have the centralized oversight to a stablecoin that is widely used. Why? Well, for various reasons including but not limited to: fraud and other financial crimes, any technical issues with the system at large, and/or oversight of the money supply.

Representative Maxine Waters expressed concern regarding PayPal’s stablecoin, stating: “I am deeply concerned that PayPal has chosen to launch its own stablecoin while there is still no federal framework for regulation, oversight, and enforcement of these assets.”

Circle, the issuer of USDC is certainly keeping a close eye as well. With $1 billion cash reserve pegged as insurance against a declining market and fresh competition, CEO Jeremy Allaire recently had this to say regarding recent developments: “I expect you will see many many, not just internet payments firms, but also all kinds of financial services companies and others begin to get more involved in this. It’s great to have this new competition. I do think it’s going to drive more and more companies into the field.”

Sticking to the theme, the Monetary Authority of Singapore (MAS), has finalized a regulatory framework for stablecoins. This framework will require regulated issuers to hold an adequate amount of reserves on hand and applies to any stablecoin pegged to the Singaporean dollar, or any other currency issued within its borders. Through embracing challenges and faults of projects in the APAC region (i.e Terra/Luna), they are spearheading policy on stablecoins and digital transformation more broadly. What is even more interesting is pondering what kind of pressure this places on entities like Western Union, who still have an advantage over cross-border payments for a multitude of reasons (e.g global adoption). However, the double-hop problem could sway momentum once solved for. The double-hop problem establishes that for most of the world’s users, a stablecoin would force that user to temporarily leave their preferred financial environment upon receipt of said stablecoin, only to go back to the world of bank accounts and tangible cash. These extra steps are inconvenient and expensive. Going in and out of stablecoins during a foreign exchange transaction doubles the fees. Seamlessness in process in addition to adoption is what will allow stablecoins to establish themselves in society.

On the company front, Mastercard even announced the creation of a forum where members of the crypto industry can discuss and collaborate on CBDC’s. As nations around the world consider whether to digitize their money, Mastercard getting involved could sway opinions.

Stablecoins seemingly lay a large portion of the groundwork for global crypto adoption because of the interest they draw from institutions and governments. In addition, they provide the most familiarity with the least amount of change for the population at large. In a similar fashion, all of the discussion and developments surrounding Bitcoin ETFs also applies… most familiarity with the least amount of change. In case you missed it, the first Bitcoin ETF was just approved in Europe! Baby steps, right?

It is undeniable that developments on these key fronts will shape how the on-chain future looks. What do you think lies ahead for stables?

Written without LLM’s :)