On August 7th, payment giant PayPal announced the launch of the PayPal USD (PYUSD) stablecoin. This stablecoin is issued by Paxos and its contract has been deployed on the Ethereum mainnet. Upon inspecting its contract code, it becomes evident that the PYUSD contract code is quite similar to that of USDP, another stablecoin issued by Paxos. The only notable difference is the addition of an external function called "increaseSupply."
Centralized stablecoins primarily operate by collateralizing with fiat currencies. The stablecoin issuer will stake assets such as fiat currency in a bank account as a reserve for its on-chain stablecoins. This article primarily employs Beosin VaaS to scan stablecoins' smart contracts, examining their logic and uncovering differences among various types of centralized stablecoins.
USDT
1. Potential Fees
USDT employs two variables, namely "basisPointsRate" and "maximumFee," to define the fees users need to pay to Tether Ltd. when using USDT. The highest fee is set at 50 USDT. Currently, these two variables are both set to 0, indicating that users do not need to pay any additional fees to Tether Ltd. when using USDT.
Contract Address: https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#code
2. Blacklist:
Tether Ltd. has implemented a blacklist function in the USDT token contract. If an address is added to the blacklist, that address is restricted from invoking the "transfer()" or "transferFrom()" functions to move USDT. Moreover, Tether Ltd. has the capability to use the "destroyBlackFunds()" function, which sets the USDT balance of blacklisted users to 0, thereby countering blacklisted users.
Contract Address: https://etherscan.io/address/0xdac17f958d2ee523a2206206994597c13d831ec7#code
USDC
USDC does not impose any fees. Similar to USDT, USDC also employs a blacklist mechanism where addresses on the blacklist are unable to invoke any functions of the USDC contract. However, USDC does not possess a function akin to USDT's "destroyBlackFunds()" function.
All external functions of USDC require that the address is not on the blacklist.
USDP/BUSD/PYUSD
1. Blacklist
The code of USDP, BUSD, and PYUSD is fundamentally similar. Like other centralized stablecoins, they also feature a blacklist functionality, enabling the addition of an address to the "frozen" list to restrict transfers related to USDP and PYUSD. USDP, BUSD, and PYUSD have a function called "wipeFrozenAddress()," which serves a purpose similar to USDT's "destroyBlackFunds()" function, resetting the stablecoin balances of addresses in the "frozen" list to 0.
https://etherscan.io/token/0xe17b8aDF8E46b15f3F9aB4Bb9E3b6e31Db09126E#code
2. Whitelist
USDP, BUSD, and PYUSD introduce the concept of "assetProtectionRole," akin to a whitelist. Addresses adorned with the "assetProtectionRole" modifier can add an address to the "frozen" list or invoke the "wipeFrozenAddress()" function.
3. Gasless Transfers
USDP, BUSD, and PYUSD further provide two functions: "betaDelegatedTransfer()" and "betaDelegatedTransferBatch()." These allow users to initiate stablecoin transfers without incurring gas fees, by providing signed information and enabling approved parties to act as proxies for users in the transaction.
https://etherscan.io/token/0xe17b8aDF8E46b15f3F9aB4Bb9E3b6e31Db09126E#code
Conclusion
Centralized stablecoins adopt blacklist mechanisms to meet regulatory and anti-money laundering requirements. Stablecoins issued by Paxos offer some innovations compared to USDT and USDC. PayPal's deployment of stablecoins on public blockchains will further advance the USD stablecoin market, enabling millions of users to enter the realm of cryptocurrency through the PayPal payment platform.
Beosin is a leading global blockchain security company co-founded by several professors from world-renowned universities and there are 40+ PhDs in the team, and set up offices in 10+ cities including Hong Kong, Singapore, Tokyo and Miami. With the mission of "Securing Blockchain Ecosystem", Beosin provides "All-in-one" blockchain security solution covering Smart Contract Audit, Risk Monitoring & Alert, KYT/AML, and Crypto Tracing. Beosin has already audited more than 3000 smart contracts including famous Web3 projects PancakeSwap, Uniswap, DAI, OKSwap and all of them are monitored by Beosin EagleEye. The KYT AML are serving 100+ institutions including Binance.