Pedro Magalhães, a blockchain developer who claims to have reverse-engineered Brazil’s pilot CBDC has found code that would allow accounts to be frozen or drained at will.
News
A blockchain developer who claims to have reverse-engineered the source code of Brazil’s pilot central bank digital currency has discovered functions in the code that would allow a central authority to freeze funds or reduce balances.
He has since argued, however, that there could be situations that such functions could be beneficial.
The source code of the Real Digital pilot project was posted on GitHub portal on July 6 by Brazil’s top bank. It was explained at the time that the Real Digital pilot project is intended for use only in a test environment and that the “presented architecture” may be subject to additional changes.
Pedro Magalhães — a blockchain developer and founder of tech consulting firm Iora Labs — later that day claimed to have been able to “reverse engineer” the open source code of Banco Central do Brazil’s Digital Real, revealing functions in the code.
Among the functions included the ability to freeze and unfreeze accounts, increase and decrease the balances, move Real Digital from one address to another, and create or burn Real Digital from a certain address.
6/ These resources can be executed by any entity that receives proper permissions from the controlling entity of the new system — i.e. the Central Bank.
Among the changes authorities could potentially make using these functions are, for example: pic.twitter.com/AT5v1rOQbK
— Vini Barbosa (@vinibarbosabr) July 10, 2023
Magalhães told Cointelegraph that Brazil’s central bank will “probably” maintain these functions for the purpose of secured loan functions and other financial operations that can be carried out on decentralized finance protocols.
The problem, Magalhães explained, is that the code lacks specificity about the circumstances under which the tokens can be frozen, and, above all, who holds the power to execute them:
“One thing is to agree with an operation and execute a DeFi operation that involves different blockchains; another completely different thing is an institution having the ability to freeze the balance on its initiative, and that’s precisely how they’ve developed the smart contracts.”
These aspects should always be exposed in the smart contracts publicly and discussed with the population, which hasn’t been done yet,” he added.
Many in the cryptocurrency community have raised concerns that a CBDC has the potential to infringe on their financial freedom and encroach on their privacy.
11/ One of the purposes of publishing the pilot, as written in the project’s so-called “Onboarding Kit”, is to receive feedback — leaving all documentation subject to evolution or changes. And that’s exactly what developer Pedro Magalhães did: he provided feedback.
— Vini Barbosa (@vinibarbosabr) July 10, 2023
On a July 10 post, Magalhães said while Brazilian people’s concerns about a CBDC are understandable, it may actually offer some “benefits.”
He explained that taxes will be more easily traceable — enabling the public to inspect which resources tax funds are allocated to — in addition to inspecting purchases made by the state on-chain and strengthening transparency in parliamentary amendments.
Related: Visa, Microsoft and others join Brazilian CBDC pilot
Fabio Araujo, an economist at the Central Bank of Brazil explained in July 2022 that the Digital Real has the potential to halt bank runs and looks to provide entrepreneurs with a more safe and reliable environment to innovate.
The Digital Real pilot is reportedly running on Hyperledger Besu — a privately operated Ethereum Virtual Machine (EVM)-compatible blockchain.
Because it isn’t permissionless like the Bitcoin or Ethereum mainnets, users will need the central bank’s approval to become a node, Magalhães stated on July 7.
Magazine: Unstablecoins: Depegging, bank runs and other risks loom