A new legal paper released by a team from the University of Pennsylvania School of Law entitled “Coin-Operated Capitalism” makes a number of startling and illuminating statements about the world of ICO’s that has developed in the last 18 months or so. According to the paper, the vast majority of projects that promise features such as team token vesting periods, and promises of no additional tokens minted do not contain any such code within their smart contracts.

Of the top 50 projects that the team analyzed, only 10 of them actually contained all of the relevant code in their contracts.

Brave New Coin-Op World

Think about the last time you invested in an ICO. Did you take the time to dig through all of the source code to verify that the promises made in the white paper or marketing materials were indeed included in the smart contracts themselves?

If you’re like most people, your answer is almost certainly a no. More likely than not, you based your buying decision on a combination of factors such as marketing, a white paper, an explainer video on YouTube, or perhaps just as a result of hype building around the project.

The authors of the paper write:

One take-home is that no one reads smart contracts, making them a rickety wheel on the ICO investment vehicle.

What this basically means is that you, the investor, are putting your trust into the operators of the ICO that you’re investing in. Cryptocurrencies usually operate under the ideology that they should be trustless. That means you shouldn’t need to trust a person ,and instead you can trust the code since it’s immutable.

Read: Beginner’s Guide to ICOs

But that may not always be the case. And according to the University of Pennsylvania paper, we as investors seem to be putting a lot of trust in people who might not deserve it.

According to the paper, a “minted crypto asset is created through an act of founder fiat.” But aren’t currencies created by fiat alone the antithesis of cryptocurrency?

ICO’s Ripe for Fraud, Lies by Omission

The paper describes how ICO assets can provide an amazing degree of flexibility for start up companies. The problem is, with investors willing to buy into projects that have significantly weak or incomplete smart contracts behind them, the chance for investors to be defrauded is high.

The UoP team writes:

[Token minting] creates an opportunity for early-stage blockchain projects to rapidly raise capital without the formalities required by corporate law and regulatory regimes. But it also opens the door to fraudsters, who mint and sell tokens based on the expectation of a given supply schedule, only to mint more than expected—or to mint a special stash for themselves.

They continue later on, saying:

Beyond the specific protections against inflation of supply, and desertion by key people, the promise of cryptoassets has also rested on the idea that investors are protected by the immutability of blockchain code. As we noted above, lawyers might well think of this as a wacky idea. And sure enough, immutability has indeed gone by the wayside for a number of ICO projects.

A Not So Tasty “Desert”

Another type of fraud of sorts that the paper describes is called founder desertion.

Basically speaking, founder desertion is when a project founder launches an ICO, and then quickly dumps all of their tokens onto the market. As founders typically hold a lot of tokens, these movements can severely damage a new crypto asset and can destroy investor confidence.

One thing that could prevent, or at least greatly restrict, investor desertion is a smart contract hard coded vestment period where founders simply cannot sell their tokens until a certain date or amount of time has passed.

For example, a project could state that founders will not get access to their tokens until six or 12 months have passed. The idea is to give the project enough time to stabilize and find its feet before founders are able to search for an exit. But as with the previous issue, most ICO’s that promise vesting do not include vesting within the contract code itself.

The Paper-Code Distance

As a method of assembling the data into an easily digestible form, the authors of the paper created a system that they call the paper-code distance.

Basically speaking, it’s a way to quantify the difference between what is promised in the white paper, and what is actually enforced in the code. The paper specifically cites investor protections that we would hope to see such as supply protection, burning, vesting, or any other aspects of the token or coin that can be modified later without investor consent such as what it can be used for.

Each project was given a score of 0 to 4, with 0 meaning the code reflects the promises of the paper completely, and 4 meaning that there are significant differences between what was promised, and what was coded.

Of the 50 ICOs, 10 (20%) have no distance, 30 (60%) have one, 8 (16%) have two, 1 (2%) had three, and 1 (2%) has four.

In short, while most projects code in some protections, only 20% of them code all of them.

Legal Safeguards Lacking

The paper closes by reminding us of a very important yet unpleasant reality. There are very few legal protections available for ICO investors in the event that promises made by the team are not kept.

Read: Are ICOs a Security ?

While ICO’s that come from US or EU based projects, for example, are fully subject to investment laws (and thus provide at least some degree of protection for investors), there is nothing stopping a group from launching an ICO that is based in a jurisdiction that offers little to no protection for ICO investors as the laws may either simply not exist, or exist but not be applicable to digital assets.

…the legal safeguards against ICO investor exploitation are, at present, significantly weaker than in other investment markets. It is easy for an issuer to set up shop in a low-regulation jurisdiction, and the architecture of the cryptoeconomy enables far more user and promoter anonymity than typical markets.

It’s our best guess that the main theme or point of the paper is that this trend needs to stop.

We as investors need to expect more from projects or companies that we invest in through ICOs. Safeguards need to be put in place so that promises that are made on paper are enforced through code.

But the hard truth of the matter is that generally speaking, no one is checking the code before investing. And that is in part because very few of us are programmers or are code-literate, and even fewer of us even bother to give an afterthought to what’s really going on behind the scenes when we decide to make a high-risk investment like buying into a trendy ICO.

Perhaps it’s time we took a moment to think before once again clicking on that shiny ‘buy’ button.