212
VeChain is its own blockchain designed to improve enterprise supply chains. It originally was built atop the Ethereum blockchain in 2015 to bring transparency and authenticity to luxury goods provenance to reduce fraud and combat counterfeit products. However, with loftier goals in mind, VeChain conducted an ICO in 2017 and launched its own blockchain in 2018.
On its own blockchain, VeChain tracks physical real-world items by assigning each product a unique identity and using RFID sensors to track that item across the supply chain until it ultimately ends up with the merchant. The idea is that companies who use VeChain can be sure their products are handled correctly and not counterfeited.
With the launch of their own chain in 2018, VeChain migrated to its own public blockchain ecosystem, VeChain Thor, converting the former VEN tokens to VET and adding the VeChain ‘gas’ token VTHO. Thus, VeChain has evolved into multi-coin enterprise-focused supply chain management and Internet of Things (IoT) ecosystem as opposed to a single project. The protocol is designed to be used across industries such as automotive, pharmaceutical, or agriculture in order to make the supply chain more efficient, transparent, and cost-effective. With VeChain, different companies along the supply chain can track items through every stage of production and delivery in real-time and verify the information. Over 30 companies within the Fortune 500 have live solutions running on VeChain including Walmart, BMW, LVMH, Renault, Deloitte, and PwC.
VET Strengths
- One of a select few crypto-projects that have actual adoption and product-market fit with major corporations like Walmart China, Pricewatercooper, PwC, Cointelegraph, BMW Group, LVMH, Moe?t, Hennessy, and Louis Vuitton
- A tenured product (5+ years) with a dedicated team that has shown the ability to evolve with the ecosystem and continue to improve and develop the product for users
VET Weaknesses
- A permissioned, KYC’d, centralized, and closed ecosystem of MasterNodes that offers none of the open, free-to-participate, permissionless characteristics of Bitcoin or Ethereum
- The VeChain Foundation is the ultimate authority and gatekeeper to the blockchain with the ability to change the monetary policy and other critical decisions
- VeChain was built for a large but very particular supply chain management use case, meaning there is essentially no reason a retail user needs the coin
VET Links
- Website
- White Paper 1.0
- White Paper 2.0
- GitHub
- Block explorer
- Telegram
Vulnerabilities
While VeChain's list of impressive partnerships suggests that enterprise clients feel comfortable in the level of security VeChain provides, are there any glaring vulnerabilities?
A good sign is constant and transparent code development which can be seen at any time via the project’s Github. Additionally, VeChain has integrated standards like Rosetta, an open standard to give developers powerful APIs to interact with blockchains.
Various aspects of VeChain are being updated on different timelines while the development documents and more "stable" parts of the project may have been last updated months or even weeks ago. According to the official blog, updates sync2, the flagship wallet, were implemented in February 2021.
Santiment shows a steady waxing and waning of activity in line with the expected output of two developers spearheading the majority of Github commits in the project.
VET developer activity (purple) vs. price (green). Image credit: Santiment
When it comes to more technical vulnerabilities (e.g. 51% attacks), there seems to be little concern from the community. Since VeChain uses the previously mentioned PoA consensus algorithm, there is no hash rate (and by extension, hash rate distribution/concentration). There are 101 Authority Masternodes, all with an equal chance of minting the next block. All authority nodes are randomly ordered and selected to charge a block. This helps eliminate the possibility of predicting which accounting nodes in advance will produce work for the chain, theoretically removing the ability to launch a network attack.
Furthermore, all AM's must go through a rigorous interview process, pass KYC regulations, own sufficient collateral, as well as prove they can maintain a minimum server performance according to these specifications.
So while there is nothing hard-coded in PoA that prevents rogue actors, it's in every actor's best economic interest to behave accordingly (similar to how expensive it is to 51% Bitcoin).
VeChain acknowledges that economic incentives are not enough and are testing some algorithmic models to be implemented in PoA 2.0 that algorithmically mitigate these kinds of rogue actor events.
Spam is economically discouraged as transactions require VTHO (similar to gas for ETH transactions) and you must be holding VET to generate VTHO. Each VET you hold generates a daily amount of VTHO and as transactions increase, VTHO costs would increase, making it very expensive to artificially flood the blockchain with transactions for a sustained period of time.
A bug bounty program is available, offering anywhere from $3,000 to $10,000 per bug reported.
In a one-off event in December 2019, an attacker stole 1.16 billion VET tokens from the VeChain Foundation. In statements following the theft, the VeChain Foundation stated that a “buyback address” was targeted and attributed the success of the hack to their own negligence and inadequate security practices.
Headway, Legalities, Etc.
VeChain has a strong first-mover advantage when it comes to enterprise solutions, namely supply chain management. Blockchain technology greatly increases the granularity of which assets in a workflow can be tracked and VeChain was the first to show IBM, PWC, Walmart, and dozens of other clients.
With a team and advisory board that is fully-transparent and public with offices in China, Europe, the USA, Singapore, and Japan, VeChain seems to be working closely with all governments to ensure their compliance and viability for the long-term.
Finally, the most obvious and significant vulnerability concerning the VeChain project is around centralization risk. VeChain is not your prototypical cryptocurrency or crypto-project. It is a closed-off, permissioned system geared towards hyper-compliant enterprise companies. The PoA system, used in VeChainThor, lacks the open, permissionless, decentralized, and pseudonymous nature of typical blockchains like Bitcoin and Ethereum. It is centralized by design, similar to a big company or government, requiring large amounts of trust in the entity behind the project. A limited number of identified validators can freely cooperate to censor particular types of transactions based on the identity of the user or the purpose of the transaction.
The only precautions a PoA network takes towards negating malicious activity are vetting network participants prior to being accepted into the network and the subsequent reputational risk that would follow should any entity act maliciously. However, the risk of damaging the reputation does not necessarily keep a person from participating in nefarious actions.
