TradFi is supposedly safe because we have centralized intermediaries to reverse mistaken transactions; crypto is described as dangerous because there’s no undo button. Transactions are final, so what if somebody screws up? It’s a common question from people steeped in traditional finance.
Credit cards have chargebacks. ACH payments take a couple business days. Amazon lets you return packages. If a bank transfers a million bucks into your account by accident, you’re not entitled to keep it. People screw up, and we need systems to rectify that. Atomic finance only works in a purely digital realm.
Yet people blind themselves to the shadow side of the credit regime. If payments aren’t truly final, but can be reversed up to 90 days later, then how can a business trust it will be paid for the long-gone goods and services?
Hidden Harms
Society has rickety scaffolding surrounding these systems - KYC’ed credit scores, opaque intermediaries, and finally legal recourse. This cure is worse than the disease! Since most people in privileged circumstances haven’t been personally harmed by these yet, let’s walk through the frequent inequities and ineffectiveness. And don’t worry, even if it doesn’t click now, experiential learners will have plenty of firsthand experience in coming years.
Credit scores are deep barriers to housing and employment, even among individuals who don’t need credit! They’re run by imbeciles such as Equifax, which leaked 147 million people’s personal information in 2017 (don’t worry, as restitution they let you view your credit report for free). Or maybe you’re among the 45 million Americans who are “credit invisible”, with insufficient information to create a credit score in the first place. You can’t opt out of sending data to these agencies, and one in five people have an error on their report. The system is broken for those at the bottom, and those at the top don’t care.
Opaque intermediaries can deplatform you without reason. Whether it’s the creator of Uniswap getting locked out of his bank without explanation, or PayPal stealing/escrowing your business revenue for six months while they review suspicious activity (no recourse, it’s in the terms of service!), the algorithm is as infuriating as it is inaccurate. But don’t we need to stop the bad guys? If so, KYC is an abject failure, affecting less than 0.1% of criminal finances while imposing absurd compliance costs on the average financial business owner.
Legal recourse is a pay-to-play game, and most can’t afford to pay. Even in the most optimistic scenarios, cases drag on for years. Mt Gox suspended trading in 2014, and even eight years later users don’t have their money back. Maybe a thriving business with healthy free-float can eat a lost decade, but for the average person that money is as good as gone. “Sorry, can’t pay my rent this month or year, but give me a decade and the cash will be at your doorstep!” Possession is nine-tenths of the law.
The phaseout of cash combined with huge reversibility risk in tradfi systems means that consumers are often forced into using centralized credit intermediaries, even when they can afford to pay upfront. Credit platforms eat some reversibility, deplatforming both consumers and businesses according to opaque risk algorithms, all while capturing a gigantic spread. When you make it as painful as possible to transact with bearer assets, you force normal people into a debt-ridden world of centralized intermediated KYC.
The Reversibility Proposal
We’ve just discussed how the tradfi status quo is not good enough, and how a system reliant on reversible credit rather than bearer assets imposes deep “invisible” harms on the lower classes. Now let’s focus specifically on the proposals made in this recent Stanford publication from renowned cryptographer Dan Boneh’s group. As a side note, Boneh’s 2018 discovery of more efficient BLS signature aggregation was a key breakthrough that let Ethereum’s PoS implementation move forward.
The main idea is to create new reversible token standards, ERC20R and ERC721R, where in the case of a token theft the victim has a short period of time in which to request that a “decentralized quorum of judges” freezes the tokens and then holds trial on whether to return the tokens to the victim or not.
The paper also suggests an algorithm by which stolen tokens can be tracked to their final destinations, even if the attacker tries to obscure their movements through complex paths.
While the intentions to fix theft are noble, the implementation is worrying for several reasons: (1) reversibility harms innocent bystanders rather than attackers; (2) reversibility is incompatible with most DeFi; (3) unnecessary governance is an attack vector that will be abused.
Reversibility is Broken
Consider OpenSea delisting stolen NFTs as a “soft” form of reversibility. It’s not full reversibility, as the victim doesn’t get their token back, but it harms the resale value of the token until it’s returned. This is a controversial policy, as the hacker often dumps the NFT at floor prices before the token can be blacklisted, so when the blacklist goes into effect it’s merely harming an innocent buyer who was excited to buy an NFT. The image below is a real-life example.
The impact on unknowing buyers is lessened today, because they can go trade on truly permissionless platforms, or at least select marketplaces which don’t abide by the OpenSea blacklist. The harm is nonzero, because people are often forced to dump these tainted assets at prices far below pre-hack market value.
Full reversibility would have far stronger implications. When a bored ape is yanked out of your wallet by the decentralized quorum of monkey judges, you own nothing. You have no recourse. This makes little sense - why should a random OpenSea or Uniswap user suffer the full brunt of consequences, while the victim who engaged in reckless behavior bears no burden? Of course we would all prefer that the hacker takes responsibility, but that’s not an option because they will instantly dump for censorship-resistant tokens.
It gets even worse when you start talking about Uniswap instead of OpenSea. If the attacker gets reversible tokens, they will simply swap for censorship-resistant tokens! Then when the quorum of judges gets around to freezing assets, the entire pool will stop functioning. When they reverse transactions, innocent LPs will get rekt (and the pool might be permanently bricked if its invariant makes certain assumptions). This makes reversible tokens completely unusable within both DeFi and NFT trading.
The paper authors sidestep this complete incompatibility with a tagline: “reversibility is viral”. Because reversible tokens can’t be used with irreversible tokens, they believe this will spawn an entire ecosystem composed entirely of reversible tokens. “Once some key tokens become reversible, other tokens are incentivized to do the same to eliminate this delay. In other words, reversibility is viral.” I have to believe that few people would be interested in such a strange setup where nobody really knows who owns what until days and weeks after the fact. Imagine opening up your portfolio not knowing whether you’ll own 10 reversible NFTs or 1 reversible NFT, because someone somewhere bought or sold an asset using stolen funds.
Escrow Fixes This
While the proposed solution is nonsensical, the paper does touch on a real problem: how do you adapt atomic payments to handle non-atomic transactions like buying physical goods online, or closing on a house? Counterparty risk is real in many transactions, and there’s no Chainlink oracle to prove that an Amazon package did or didn’t get delivered. The solution is simple: custodial escrow.
The buyer and the seller agree on a trusted third party to act as their “oracle”. The buyer atomically sends funds to the escrow agent’s account, and when receipt of the non-atomic item is confirmed, the escrow agent atomically sends the funds to the seller to close out the transaction.
Custodial escrow is not the same thing as reversible transactions. Reversible transactions allow money to continue moving while it’s still at risk of reversal, implicating innocent bystanders. Escrow locks the funds until payment is finalized, at which time the funds have no clawback risk. This key difference means that custodial escrow is compatible with composable applications like Uniswap and OpenSea, while reversible transactions are not. Nor does custodial escrow implicate innocent bystanders the way reversible transactions could. Custodial escrow is an opt-in system built on immutable primitives; reversible transactions are a proposed replacement of immutable primitives with corruptible adjudicators.
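The contrast drawn above, as a toy Python model added here (not code from the paper or from any token contract): the Ledger and Escrow classes, the account names and the rNFT/ETH labels are all hypothetical. It runs a 100 ETH sale twice, once with a reversible asset that a ruling claws back from whoever currently holds it, and once through an escrow that locks the funds until settlement.

```python
# Toy model with hypothetical names; not ERC20R/ERC721R or any real contract.
from collections import defaultdict

class Ledger:
    """Balances keyed by (account, asset); every move is atomic and final."""
    def __init__(self, balances):
        self.bal = defaultdict(int, balances)

    def move(self, asset, src, dst, amount):
        if self.bal[(src, asset)] < amount:
            raise ValueError(f"{src} lacks {amount} {asset}")
        self.bal[(src, asset)] -= amount
        self.bal[(dst, asset)] += amount

class Escrow:
    """Opt-in lock: funds sit with the agent until release() or refund()."""
    def __init__(self, ledger, agent, buyer, seller, asset, amount):
        self.l, self.agent, self.buyer, self.seller = ledger, agent, buyer, seller
        self.asset, self.amount, self.state = asset, amount, "FUNDED"
        ledger.move(asset, buyer, agent, amount)      # atomic deposit

    def _settle(self, dst, state):
        if self.state != "FUNDED":                    # settle exactly once
            raise RuntimeError(f"escrow already {self.state}")
        self.l.move(self.asset, self.agent, dst, self.amount)
        self.state = state

    def release(self): self._settle(self.seller, "RELEASED")  # delivery confirmed
    def refund(self):  self._settle(self.buyer, "REFUNDED")   # delivery failed

def reversible_sale():
    """Stolen reversible NFT is sold for final ETH, then a ruling reverses the NFT."""
    l = Ledger({("victim", "rNFT"): 1, ("bystander", "ETH"): 100})
    l.move("rNFT", "victim", "thief", 1)        # theft
    l.move("rNFT", "thief", "bystander", 1)     # sale, leg 1
    l.move("ETH", "bystander", "thief", 100)    # sale, leg 2: irreversible
    holder = next(a for (a, s), n in l.bal.items() if s == "rNFT" and n)
    l.move("rNFT", holder, "victim", 1)         # modelled quorum ruling
    return dict(l.bal)

def escrowed_sale(delivered):
    """Same 100 ETH purchase via escrow; the seller holds nothing until settled."""
    l = Ledger({("buyer", "ETH"): 100})
    deal = Escrow(l, "agent", "buyer", "seller", "ETH", 100)
    locked = l.bal[("seller", "ETH")] == 0 and l.bal[("agent", "ETH")] == 100
    (deal.release if delivered else deal.refund)()
    return locked, deal.state, dict(l.bal)
```

In the reversible run the bystander ends with neither the NFT nor the ETH while the thief keeps the final asset; in the escrowed run nothing reaches the seller, and so nothing can flow on to third parties, until the single settlement step.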
Relative Privation
Some say we should accept reversible transactions because elements of DeFi and NFTs already have centralization today. Most NFTs can change metadata, some DeFi contracts have admin keys or proxy upgradeability that let dev teams change arbitrary data at will. USDC has an active blacklisting function and it hit widespread adoption, so what’s the problem?
While I’ll always push for immutable decentralized primitives over dangerous centralization, it’s key to recognize when a feature is an unfortunate edge case the issuers wished they didn’t have, and when a feature is a critical component that’s the primary product focus. If USDC reversed a transaction every time a user got phished, adoption would drop off a cliff. We’re seeing glimpses of this already, with MakerDAO discussing extreme measures to limit exposure to USDC. We need less centralization, not more.
Why Finality
Finality matters. Decentralized blockchains offering true bearer assets are revolutionary, a complete rejection of the touted norm that everything must be debt with counterparty risk held at a custodial intermediary.
Is code law? Of course not, theft is theft regardless of whether it happened in a San Francisco CVS or on the Ethereum blockchain. Yet sufficiently decentralized blockchains are supranational entities which interweave with various traditional sovereign jurisdictions, neither fully subject to nor fully immune from any individual nation-state. At risk of an arrogant comparison, blockchain state transition functions are similar to the laws of physics. Enough concerted human effort can change social consensus around blockchain rules, and enough concerted human effort can unlock new abilities in the physical realm, but at the local level these setups are largely fixed environments which individuals and groups operate within.
Atomicity is beautiful. It reduces risk for both buyer and seller. It enables novel financial primitives like flashloans. These innovations reduce systemic risk. Money should move at the speed of the internet, not the speed of the postal service. When potential errors are catastrophic, escrow solves what reversibility does not.
Great post. Do you think multisig wallets will solve some "I lost everything" problems?
Nice dissection