Code is law, sometimes.
The failure of vesting smart contracts and limitations of token vesting agreements for crypto investors.
Web3 natives envision a future of sovereign nation-states: virtual “jurisdictions” that extend beyond the geography-based legal frameworks which exist today. Ethereum, the technology, and the virtual jurisdiction construct are framed to offer three benefits traditional nation-states cannot consistently provide: transparency, fairness, and incorruptibility.
Why are traditional nation-states unable to offer their citizens these benefits? The short answer: humans are fallible & subject to a spectrum of emotions that cloud our judgment.
The individuals we elect and the people they appoint are beholden to special interest groups that operate under a different set of laws written by highly-paid lobbyists who advocate for a regulatory landscape that crushes competition and silences the plebs who demand a more equal & fair playing field.
The 55 largest corporations in the USA (Nike, Fedex, Amazon, etc) pay $0 in federal income taxes. 
The top 25 wealthiest Americans paid just 3.4% in federal income tax, while the average American paid 14%. 
TikTok parent Bytedance spent $5.5m in 2022 lobbying D.C. bureaucrats to avoid data privacy regulation and sidestep claims of Chinese communist subversion on American citizens 
US Lawmakers kill legislation that prevents elected officials from owning US equities despite widespread support from American citizens 
Norfolk Southern, the train operator responsible for the derailment and crash that spewed hazardous materials in East Palestine, Ohio spent $1.8 million lobbying government officials for less regulatory oversight, including Ohio’s governor 
Public policy towards fair labor standards has pushed union memberships to record lows, while income inequality is at a 50-year high 
I could go on and on, but you get the idea; the system is broken, and blockchain is the technology that will save humanity; at least that’s what crypto twitter tells us. How? Public policy and the laws which control mankind will one day be governed by the principle of Code is law: a belief that humans will operate under a rule of law codified not in esoteric and complex legal jargon but in pure mathematics called smart contracts.
How is code law?
In the context of DeFi, the most compelling case for why code as law is the preferred path for humanity was made clear during the 2022 crypto winter when parties like FTX, Alameda Research, 3AC, Luna Foundation, BlockFi, Coinflex, Genesis, Celsius, Babel, Vauld, Bitmex, and many many more engaged in a series of off-chain lending agreements which became unenforceable when the underlying collateral supporting the trade went to zero.
“Code is law” solved this by codifying the loan terms (interest rates, liquidation thresholds, margin requirements, repayment cadence) on-chain via smart contracts. If the borrower fails to adhere to the agreed-upon loan terms, their principal is automatically liquidated, funds are automatically returned to the lending pool, and the borrower is automatically assessed a penalty.
Below is an example of this in action:
3AC executed a $182.4m USDC loan collateralized by $224.6M of ETH on Aave with a liquidation price of $1,012.50
When the safety ratio drops below 100%, the loan is flagged as undercollateralized
A portion of the $224m principal is liquidated, and a penalty is assessed against the borrower to restore the safety ratio to > 120%
In the arena of real-world assets, code is law offers a novel and unique approach for raising capital in exchange for a stream of future income guaranteed by a physical asset. For example, new perpetual lending vaults like LandX (still testnet) offer crypto investors exposure to crop yield by providing capital to a global network of farmers. How?
Crypto investors deploy capital to a LandX wheat (or rice, or soy, or corn) lending vault
LandX deploys vault capital to farmers in exchange for a legal share of their crop
A lien is issued against the legal share of the land
Crypto investors receive an “xWHEAT”, “xSOY”, or “xRICE” token; each token represents 1 kilogram of the associated crop
Token holders receive an income stream from the underlying commodity and participate in any commodity appreciation
How are the rules related to token yield & exposure to the underlying crop codified? Via smart contracts. Code is law. For the borrow-lending platforms, smart contracts automatically manage contractual agreements on-chain. Code, not a bankruptcy court, is the final arbiter on repayment terms. This is the solution and the problem.
Code is law limitations
Despite my bullishness on contractual agreements enforced on-chain, there are serious limitations related to enforcing legal contracts via code, most notably with vesting smart contracts or “token vesting”.
Today, when crypto projects want to raise money from crypto VCs, an agreement is codified in an off-chain legal contract called a SAFT: a Simple Agreement for Future Tokens. It’s exactly what it sounds like: a legal document that gives the investor the right to tokens at some point in the future in exchange for investment capital today.
If you’ve ever wondered how crypto projects like Aptos, Solana and the gauntlet of other crypto projects with early investor allocations raise capital before a token launch, it’s because of SAFTs.
Below is page 1 of a sample SAFT contract from Protocol Labs & Cooley; note the following:
An agreement to provide the project a pre-defined amount of fiat capital
A promise to provide tokens to the investor upon launch of the “network” (or DeFi project) at discount
A promise that tokens will be provided to the investor in the agreed-upon terms outlined in the SAFT
Since SAFTs are an off-chain agreement between two parties (money now in exchange for tokens later), crypto projects manage token vesting and investor distributions, once a token is eventually released, in one of two ways:
1. Automated - vesting and unlock schedules are managed via vesting smart contracts like Magna or Liquifi
2. Manual - A human and/or internal team manually deploys & transfers unlocked + vested tokens to investors
For clarity, option 2 is insane but is more common than we like to admit. For example, perpetual trading platform dYdX announced a change in its vesting schedule by extending its lock-up window to 12/1/23:
For now, table the idea that dYdX violated the law by changing its vesting & unlock schedule previously enshrined in an off-chain legal agreement (the SAFT) and focus on the on-chain analysis triggered as a result of this announcement. Crypto twitter began to question how dYdX was managing its vesting schedule in the first place, and the results are surprising:
Token distribution = manual
Token unlock management = non-existent
Below are examples.
Example 1 - dYdX Foundation wallet
The dYdX deployer 0x30 transferred ~ 293m ( ~29% of the total allocation) tokens at genesis to 0xb4 soon after the token was created:
What is 0xb4? It is the EOA/multi-sig wallet for the dYdX foundation.
Why does this matter? 0xb4 is not a contract account and it has no vesting contract; it’s a regular multi-sig/EOA wallet with a public + private key. How can 0xb4, a wallet controlled by dYdX, move 293 million of its tokens when its current circulating supply is ~200m?
Moreover, the wallet currently has ~270k dYdX tokens. What happened to the other ~270m? Where did the tokens go, and how was the unlock schedule enforced, if at all?
Example 2 - Wintermule
Over a year, crypto VC Wintermule received >~4m “locked” dYdX tokens in a single wallet, co-mingled with unlocked dYdX tokens. I use the word “locked” loosely because there is no on-chain and/or contract-control mechanism to enforce the distribution schedule of the aforementioned 4 million dYdX tokens.
The dYdX tokens were transferred to a Wintermule wallet, whose fund managers in turn said: “trust me bro, we got it from here”. To Wintermule’s credit, their internal control process eventually transferred the ~4m of dYdX tokens to a separate EOA account 0x63, where the asset remains to this day.
Why is co-mingling locked tokens with unlocked tokens a bad idea? Why leave it up to investors to track their vesting schedules? It’s tough.
Example 3 - Coinbase CEO Brian Armstrong
Below is an example of Coinbase CEO Brian Armstrong receiving ~386k “locked” dYdX coins…
As you can see, he sells ~4,800 dYdX “locked” tokens, only to repurchase them at a higher price when he realized they were supposed to be locked! I don’t think Brian acted with nefarious intentions, but this is a clear example of why “manually managing” token vesting is a horrible idea.
Example 4 - Anon with 1,000 dYdX tokens
Here is another example of an investor who sells 1,000 locked dYdX tokens only to have to repurchase the tokens a year later at a higher price…
Example 5 - Staked dYdX tokens
…and here is another investor staking locked dYdX tokens, only to be told that it wasn’t allowed:
dYdX had no contract controls or vesting contracts to enforce its unlock schedule and circulating token supply. It instead relied on an internal team and threats of legal action to monitor its investors' token movements & compliance with its new unlock schedule.
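One way to run the check that the five examples above call for, added here as an illustration and not taken from the original article or from dYdX: reconcile a wallet's transfer log against its unlock schedule. The schedule, amounts and transfers are constructed; because locked and unlocked tokens are co-mingled and fungible, the test is a balance floor rather than a trace of individual tokens.

```python
from datetime import date

# Constructed unlock schedule for one investor wallet, as a SAFT might state it:
# (unlock date, cumulative amount unlocked). Illustrative values, not dYdX's terms.
SCHEDULE = [(date(2023, 12, 1), 1_200), (date(2024, 6, 1), 2_600), (date(2025, 1, 1), 4_000)]

# Constructed transfer log for that wallet: (date, signed amount, is_locked_grant).
# Positive = inbound, negative = outbound. Locked and market-bought tokens share the wallet.
TRANSFERS = [
    (date(2022, 1, 10), +4_000, True),   # locked allocation sent to a plain EOA
    (date(2022, 3, 2),    +500, False),  # market purchase, freely transferable
    (date(2022, 5, 20),   -300, False),  # sale covered by the unlocked 500
    (date(2022, 9, 14), -1_000, False),  # sale that dips into locked tokens
    (date(2023, 2, 1),    +800, False),  # repurchase restores the locked amount
    (date(2023, 12, 5), -1_200, False),  # sale of exactly the first unlocked tranche
    (date(2024, 1, 15),   -100, False),  # sale before the second tranche unlocks
]


def unlocked_on(day, schedule):
    """Cumulative amount unlocked on `day`; 0 before the first tranche."""
    return max((amount for when, amount in schedule if when <= day), default=0)


def reconcile(transfers, schedule):
    """Return [(date, shortfall)] for each outbound transfer that leaves the
    wallet holding fewer tokens than are still locked on that date."""
    balance = locked_received = 0
    findings = []
    for day, amount, is_locked_grant in sorted(transfers):
        balance += amount
        if is_locked_grant:
            locked_received += amount
        # Tokens are fungible, so the test is a balance floor, not "which tokens moved".
        floor = max(0, locked_received - unlocked_on(day, schedule))
        if amount < 0 and balance < floor:
            findings.append((day, floor - balance))
    return findings


if __name__ == "__main__":
    for day, shortfall in reconcile(TRANSFERS, SCHEDULE):
        print(f"{day}: balance is {shortfall} tokens below the locked floor")
```

The verdict depends entirely on the schedule passed in: the same log reconciled against a postponed schedule produces more findings, and nothing on-chain says which schedule applies.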
Are automated vesting smart contracts better?
You could argue that this is a case for proper vesting smart contracts. Why? Vesting smart contracts promise investors the following:
1. A restriction of token supply (protection against token inflation)
2. A restriction of token transfers (a lock-up or vesting schedule)
3. An agreement to limit the power to modify the smart-contract code governing the token vesting schedule
Point 3 is particularly important because the value of a token is defined by its smart contract. Ideally, the modifiability of the smart contract should impact the token price and receive intense investor scrutiny. A vesting smart contract may prevent investors like Brian Armstrong from selling locked tokens, but it doesn’t prevent protocols from modifying the agreed-upon terms.
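A simplified Python model of the three promises and of the modifiability caveat, added here as an illustration: it is not Solidity and not any project's contract, and the class `VestingToken`, its method names, the integer timestamps and all amounts are hypothetical. `scenario` runs the same four calls against a deployment whose schedule the issuer can postpone and one where it cannot.

```python
class Revert(Exception):
    """Stands in for an EVM revert: the call fails and no state changes."""

class VestingToken:
    def __init__(self, owner, cap, release_ts, schedule_mutable):
        self.owner, self.cap, self.release_ts = owner, cap, release_ts
        self.schedule_mutable = schedule_mutable
        self.supply, self.balance, self.locked = 0, {}, {}

    def mint(self, caller, to, amount, locked=False):
        # Promise 1: supply restriction, checked on every mint.
        if caller != self.owner or self.supply + amount > self.cap:
            raise Revert("not owner or cap exceeded")
        self.supply += amount
        self.balance[to] = self.balance.get(to, 0) + amount
        if locked:
            self.locked[to] = self.locked.get(to, 0) + amount

    def transfer(self, sender, to, amount, now):
        # Promise 2: transfer restriction. Before release the balance may not
        # fall below the locked amount; the same test rejects overdrafts.
        floor = self.locked.get(sender, 0) if now < self.release_ts else 0
        if amount <= 0 or self.balance.get(sender, 0) - amount < floor:
            raise Revert("locked or insufficient balance")
        self.balance[sender] -= amount
        self.balance[to] = self.balance.get(to, 0) + amount

    def postpone_release(self, caller, new_ts):
        # Promise 3: whether this path exists decides who controls the schedule.
        if not self.schedule_mutable or caller != self.owner:
            raise Revert("schedule cannot be modified")
        self.release_ts = new_ts

def attempt(call, *args):
    """Run one call and report 'ok' or the revert reason."""
    try:
        call(*args)
        return "ok"
    except Revert as exc:
        return f"revert: {exc}"

def scenario(schedule_mutable):
    token = VestingToken("issuer", cap=1_000, release_ts=1_000,
                         schedule_mutable=schedule_mutable)
    token.mint("issuer", "investor", 400, locked=True)
    return [
        attempt(token.mint, "issuer", "issuer", 601),              # would exceed the cap
        attempt(token.transfer, "investor", "buyer", 100, 999),    # before release
        attempt(token.postpone_release, "issuer", 2_000),          # issuer moves the date
        attempt(token.transfer, "investor", "buyer", 100, 1_000),  # at the original date
    ]
```

With `schedule_mutable=True` the postponement succeeds and the investor's transfer at the original release date reverts; with `False` the postponement reverts and the transfer goes through.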
On January 25th, 2023 the dYdX Foundation announced an amendment to postpone the unlock of its token until 12/1/23.
…dYdX Foundation announced that dYdX Trading Inc., dYdX Foundation and certain parties to the Warrants to Purchase Tokens signed an amendment (the "Amendment") to, among other things, postpone the initial release date applicable to investor $DYDX tokens to December 1, 2023. Source - dYdX governance
This was not a governance vote set forth by the dYdX token holders; it was a top-down decision made by its foundation in partnership with its shareholders to amend an existing agreement. Code cannot be law when the humans who govern the code are allowed to modify the terms unilaterally, subject to enforcement via off-chain legal threats. This also introduces other challenges with the entire token-based governance construct:
The top 6 holders of the dYdX token control 90% of the supply 
Protocol revenue accrues to a dYdX LLC and not the actual token holders
The lack of utility and revenue sharing between the dYdX holders and its LLC creates a conflict of interest between retail traders and inside investors. The limited utility makes project owners less incentivized to drive real token demand. The net result? Price action is a byproduct of speculative demand from “time-based sell pressure”, e.g. delaying insider token unlocks, rather than merit-based buying.
What is the answer?
It’s not lost on me that what I’ve described doesn’t cast the virtual sovereign nation-state narrative in the most compelling manner. Still, we should demand more accountability towards crypto projects that raise capital on-chain. A 2018 study from UPenn examined 50 ICO offerings to understand if the promises outlined in the token whitepaper matched the code in the smart contract. The results were shocking:
Only 37 of the 46 auditable issuers promised vesting in their marketing documents or white papers. Of those that promised to vest, the vast majority (29 of 37) apparently did not use smart contracts to encode those rights…
… only about 2 in 3 firms that we audited (31 of 46) encoded a supply restriction, even though about 90 percent (41 of 46) promised it..
… only 7 of the 50 firms discussed the token’s modifiability in their marketing materials or soft contracts. But overall, 10 of the 50 firms permit modification through their code, 60 percent of which (6 of 10) did not discuss modification but still encoded it.
This was in 2018, yet here we are five years later, making the same mistakes. Until the web3 community solves the inconsistencies associated with token vesting mechanics, there is no future where investors can rely on “code as law” to ensure an accurate distribution of their tokens.
There are > 20 vesting smart contract solutions available, and given that a subset of projects still choose to manage their token distributions manually, investors governed by SAFTs will be required to find an external solution to manage their portfolio. For now, this has meant spreadsheets and Excel.
For VC funds and individual investors in the frontrun community who struggle with token management & reconciling your portfolio against off-chain SAFT agreements, I encourage you to explore institutional SAFT and token management platforms like Lancelot to escape the burden of spreadsheets.
To knowledge and wisdom,
March 4th, 2023
San Francisco, CA
Article cover generated by DALL-E: “Pixel art of an AI judge reading a guilty plea to a software engineer before he gets sent to a virtual prison in the metaverse”