Smart contract counterparty and crypto custody risk? Institutional barriers?

Martin Worner, published in TgradeFinance, Apr 8, 2022

Logically, is the counterparty when providing liquidity in a DEX or a DeFi lending protocol the smart contract? Who takes responsibility if the smart contract is hacked or the funds are drained through an exploit using a flash loan? Are the developers of the contract responsible for the loss of funds? Is the smart contract covered by insurance?

These are valid questions not only for individuals; they are also the type of questions a compliance officer in a regulated institution will be asking.

The draining of a smart contract and its consequences are symptoms of an adversarial environment with pseudo-anonymous addresses. There are parallels wherever resources are unbounded, such as international waters, where factory ships can hoover up vast quantities of fish with no regard for the fish population, sustainability, or other fishing boats.

In a fully permissionless, public network where everything is fair game and exploits are part of doing business, it is hard for regulated businesses to take part. These businesses are accountable to the regulators of the jurisdiction in which they are registered and to the customers with whom they sign agreements. Clearly, these businesses cannot say to their regulators and customers “well, what you have to understand is that this is fully free, decentralized finance, and no rules apply”.

So what? Regulated businesses can’t join the party because of the issues around counterparty risk in smart contracts? It matters because it excludes businesses with a lot of capital to deploy, whose participation would help mass adoption through greater volumes and liquidity.

How is the counterparty risk mitigated? What solutions are there? The approach taken by Tgrade and the Trusted Circles is that the smart contracts are permissioned to a Trusted Circle for use by the participants. As there has been an onboarding process, it is likely that a legal contract has been signed, including terms of use and verification, and that the link has been established between identity and the Tgrade address. The Trusted Circle mechanism has been designed as a basic framework, and the implementation of governance around the framework is determined by the person or group setting it up. In the case of counterparty risk of a smart contract, it would be possible to include a “no hacking” clause or a general-purpose clause around what is acceptable. If there were an exploit, the address that was the beneficiary would be known through the onboarding process and action could be taken.

There is a balance to be struck between disclosure, accountability, and freedom to innovate. This balance can be set with a basic framework of rules governing behaviour, with the right incentives and punishments in place to reward and enforce the rules.


Custody and crypto

In my earlier article, “When is a wallet not a wallet?”, I put forward an argument that semantics matter. I made a case that a wallet in crypto doesn’t hold funds and is primarily about managing keys and signing transactions, meaning that it should be referred to as a fob (for holding keys) rather than a wallet.

There is a similar way of thinking about the semantics of custody. In the traditional world, the custodian function is clear: securities are deposited with a trustworthy, highly regulated institution that looks after the inventory to protect its holders and segregates it from trading and market making. Custodians also play an important role in managing the cash legs of trades being settled.

In blockchain, we have a public, immutable ledger, and as such we do not book tokens from one entity’s ledger to another, each of which is hidden from the other, as is done in the traditional world. The transfer of tokens from one address to another is all done on-chain. In the traditional world, custody means looking after assets on behalf of others. So how is the term applied to cryptocurrencies and blockchain? Since we are not looking after the assets, which are recorded on an immutable ledger, what are we being the custodian of? In the blockchain sense, custodians are guardians of the keys to accounts held on the blockchain, and in no interpretation can crypto custodians be seen as “holding” assets other than by the de facto holding of the keys.

When considering semantics, the term custody is correct in that there are assets that are being held. However, the nature of the assets is very different, which can lead to confusion.

It would be helpful if the term custody were applied only to the traditional markets, as the custodians are holding assets on behalf of their customers on their own ledgers, subject to strict regulations. That then brings us back to the term as applied to crypto. While there is an argument, following the logic “Not your keys, not your tokens”, that the tokens are being held by the custodian as they hold the keys, it is loaded with assumptions and ambiguity for those not familiar with the industry. The assumptions lead to discussions around the separation of trading and custody, which is how traditional markets work, and how this needs to be done in crypto, and this is where the term custody is misunderstood. In the traditional markets, the need for segregation and the role of custodians is important for market stability and risk mitigation, and this is firmly addressed with a public, immutable ledger, rendering the traditional role of a custodian redundant.

Would guardian or keyholder be better terms to avoid the ambiguity of what is meant by custody?

Semantics matter, and having precise, unambiguous terminology in place would make it easier to understand the cryptocurrency and blockchain space, as well as avoid lengthy debates based on misconceptions or interpretations based on an understanding of a different landscape.

The main purpose of a crypto-custodian is the securing of the private keys, and this is achieved either through hardware such as an HSM, or through multi-party computation or threshold signatures.

Clearly, there is a significant risk around securing a private key, and the consequences are catastrophic if the key and recovery phrase are lost, as the key holder can no longer access their funds. Pooling a bunch of private keys, to manage them and sign on their holders’ behalf, is a valid option for a custodian and needs a very well-managed set of layers to ensure security and resistance to attempts to steal the keys. It does, however, make it a honeypot for hackers or insider attacks.

The keyholder’s role is valuable for holders who are worried about securing a large portfolio or for a corporate that has layers of authorization. Innovation will develop robust solutions around the protection of the “keys to the bank” which do not involve transferring assets to “safekeeping or custodial addresses”.
