- PayPal launched its stablecoin on the Ethereum blockchain.
- Huobi has already announced it will launch the new stablecoin.
- The PYUSD has an “assetProtection” role that can wipe your balance in two transactions (first `freeze`, then `wipeFrozenAddress`).
The recently launched Paypal stablecoin, the Paypal USD (PYUSD), has been reviewed by Pashov, an expert in smart contracts security reviews. The PYUSD was announced on August 7 and a brief review has shown some unsettling revelations as posted by Pashov on X platform on the same day that the stablecoin was launched.
The new Paypal USD stablecoin has an "assetProtection" role which can wipe your balance in two transactions (first `freeze`, then `wipeFrozenAddress`)
In smart contract security we call this a "centralisation attack vector" pic.twitter.com/RsmqvsnKvi
— pashov (@pashovkrum) August 7, 2023
According to Pashov, selected development team members at PayPal will be able to execute delicate code functionalities like freezing accounts and cleaning frozen account balances using the “assetProtection” role.
USDT and USDC have similar attack vectors
While a majority of crypto enthusiasts expected PayPal’s stablecoin to stand out, Pashov’s revelation revealed that the new Paypal USD stablecoin is no different to USDT and USDC in terms of security.
The PayPal USD (PYUSD), the Tether (USDT), and the USD Coin ( USDC), all have “assetProtection” role, which in smart contract security is referred to as a ‘centralization attack vector.’”
Newsflash: USDT & USDC both have similar attack vectors as well. I thought this one might be different, but it's really isn't.
— pashov (@pashovkrum) August 7, 2023
The feature makes PayPal stablecoin a centralized stablecoin just like a majority of other popular stablecoins.