ZAI: Shielded Stability Primitive

Opinions are my own as a community member, not representative of my team or project.

TL;DR: look deeper into the not-so-obvious underlying market need that motivated ZSAs, and solve it directly and in accordance with our values, rather than punt it to an external ecosystem.

ZSAs divide the community. While the market hints that privacy-conscious crypto users might soon seek out multi-asset shielded pools, voices in our community including the coinholder sentiment poll object to ZSAs. Valid concerns were raised about welcoming and thus normalizing centralized issuers, or otherwise diluting and detracting from ZCash’s mission. The proposal seems too contentious to ship, at least for upgrades in the very near future.

ZCash should not become a “platform business”. History shows that blockchains taking the form of platform businesses have allowed ecosystems of tokens to be launched on top, whose issuers have their own self-interests that often clash with the ideals of their baselayers. This is something ZCash especially cannot risk, since its goal of delivering privacy is sensitive and of utmost importance and conviction.

While we are right to resist temptations to cave into unsubstantiated hype from the industry, it is clear that there is something to be learned from the market signals. The most widely-discussed use-case for ZSAs is stablecoins. Many individuals seeking privacy want to transact in USD. Not because they are bullish on the inflating and uncertain status of the US dollar, but because the volatility of cryptocurrency is an obstacle to its viability as a medium of exchange.

To meet this need, ZCash should have its own solution for a stable medium-of-exchange. The design goals must be set with extreme caution to avoid deadly pitfalls.

It is believed that stablecoins follow a trilemma, where any such mechanism can only choose two of these three properties:

  1. Decentralization

  2. Stability

  3. Capital Efficiency

Other blockchain ecosystems are squeamish about trading off capital efficiency because they are fixated on the unit-of-account use-case, rather than the medium-of-exchange use-case. Since our goal is p2p electronic cash and not to move finance on-chain, it makes sense for a ZCash-native stability primitive to take inspiration from the collateralized debt position (CDP) architecture.

If we assume that:

  1. The stability primitive must be fully decentralized

  2. The stability primitive must not require an honest-majority oracle

We end up with these trade-offs:

  1. The stability primitive can’t be pegged to a fiat currency

  2. The stability primitive might create MEV

These design goals are necessary, and these trade-offs are acceptable. Here’s why:

The stability primitive must be fully decentralized

Enshrining something like USDT into ZCash is an obvious non-starter. ZCash would cede full control to whatever company issues the fiat-backed token, and its jurisdiction. ZCash users would no longer be ZCash users; they’d be Tether users. For this reason, so-called “RWAs” destroy cryptocurrency protocols.

The stability primitive must not require an honest-majority oracle

To create a decentralized USD stablecoin, you need an oracle: some protocol for relaying the USD-price of ZEC to the blockchain. It is impossible to get this data trustlessly (the oracle problem). For the most part, the best solutions to this problem involve doing something akin to a proof-of-stake vote, which is fundamentally subject to capture and corruption. Introducing forkability (see my conference talk!) improves it somewhat, but that would introduce too much “softness” to a protocol like ZCash that values hardness of money.

It turns out, there may exist CDP stablecoin designs that don’t require honest-majority oracles!

The stability primitive can’t be pegged to a fiat currency

So-called “flatcoins” or non-pegged stablecoins such as RAI (Reflexer), HAI, and Rico have floating pegs. Instead of targeting the price of 1 USD, they aim to dampen the volatility of their backing collateral, which could be ZEC in our case.

Despite not being pegged to familiar denominations, these mechanisms have a great track record performing as stable assets. See this chart:

While Reflexer does use an honest-majority oracle, it has been theorized that these systems can be oracle-less, using something like a self-referential AMM pair. An enshrined AMM with a single (ZEC/ZAI) trading pair using a TWAP / VWAP could be built into the ZCash protocol.

This is admittedly an open research area. If it turns out to be impossible without a trusted oracle, then it may not be worth building.

The mechanism might create MEV

If further research reveals that something like an enshrined AMM is critical for the system, that could introduce MEV to ZCash. However, MEV is entirely manageable and no longer thought to be an unstoppable centralizing force. It’s not a good reason on its own to dismiss the idea of creating a shielded stability primitive in ZCash.

On the “Failure” of Flatcoins

Flatcoins have critics that argue they “failed” because they only managed to attract small amounts of adoption. There are a number of explanations for the low adoption of previous flatcoin protocols, as well as rebuttals to the declaration that they “failed”.

1. They were ahead of their time

The dominance of the US dollar is starting to decrease; this wasn’t the case until recently. Now more than ever, it’s questionable if one nation’s money can be currency for the entire world.

2. They weren’t promoted as “cash” for medium of exchange

The chains they live on are not popular for usage in everyday remittances. Less attention was put on their user experience for the remittance use-case as ZCash has done with Zashi. Their proponents seemed to be fixated on DeFi, not p2p cash.

3. They didn’t have privacy

No explanation needed.

That concludes the proposal! Further research needs to be done on whether it’s possible to build without an honest-majority oracle. Please reply or reach out with any thoughts or feedback!

9 Likes
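
Added example, not part of the original post or any Zcash code: a sketch of the TWAP idea the post mentions for a single enshrined ZEC/ZAI pair, showing how much a price distortion that lasts one block moves the averaged price compared with the spot price. The constant-product pool, the per-block accumulator, and all names and reserve figures are assumptions made for illustration; the post does not specify a design.

```python
from fractions import Fraction

class Pool:
    """Hypothetical fee-less constant-product ZEC/ZAI pool with a price accumulator."""

    def __init__(self, zec, zai):
        self.zec, self.zai = Fraction(zec), Fraction(zai)
        self.cumulative = Fraction(0)  # sum over blocks of the spot price in force
        self.height = 0

    def spot(self):
        """ZAI per ZEC implied by the current reserves."""
        return self.zai / self.zec

    def advance(self, blocks=1):
        """Accrue the current spot price for each elapsed block."""
        self.cumulative += self.spot() * blocks
        self.height += blocks

    def sell_zec(self, amount):
        """Trade ZEC for ZAI along zec * zai = k; returns ZAI paid out."""
        k = self.zec * self.zai
        self.zec += amount
        paid_out = self.zai - k / self.zec
        self.zai = k / self.zec
        return paid_out

    def snapshot(self):
        return (self.height, self.cumulative)

def twap(start, end):
    """Time-weighted average price between two accumulator snapshots."""
    (h0, c0), (h1, c1) = start, end
    if h1 <= h0:
        raise ValueError("window must span at least one block")
    return (c1 - c0) / (h1 - h0)

def one_block_distortion(window):
    """Quiet blocks at 100 ZAI/ZEC, then one block after a pool-sized sale."""
    pool = Pool(1000, 100_000)      # constructed reserves: spot = 100
    start = pool.snapshot()
    pool.advance(window - 1)        # price holds at 100
    pool.sell_zec(1000)             # doubles ZEC reserve, spot falls to 25
    pool.advance(1)                 # distorted price is in force for one block
    return pool.spot(), twap(start, pool.snapshot())

if __name__ == "__main__":
    for w in (10, 100):
        spot, avg = one_block_distortion(w)
        print(f"window={w:>3}  spot={float(spot):.2f}  twap={float(avg):.2f}")
```

The window length is the security parameter here: each block carries equal weight, so a distortion held for the entire window moves the TWAP as far as it moves the spot price.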

Could the ratio of block_time/difficulty serve as an alternative for an honest-majority oracle? Conceptually related to the production cost model of a PoW cryptocurrency, this gives an easy way to quantify the miners’ expected value of their ZEC rewards, and thus their valuation of ZEC itself.

2 Likes