Paxos-issued USD-collateralized ERC20 stablecoin public smart contract repository.

https://www.paxos.com/standard

The whitepaper can be found here.

The contract abi is in PAX.abi. It is the abi of the implementation contract. Interaction with PAX Standard is done at the address of the proxy at 0x8e870d67f660d95d5be530380d0ec0bd388289e1. See https://etherscan.io/token/0x8e870d67f660d95d5be530380d0ec0bd388289e1 for live on-chain details, and the section on bytecode verification below. See also our independent security audits by Nomic Labs and ChainSecurity.

Paxos Standard (PAX) is an ERC20 token that is Centrally Minted and Burned by Paxos, representing the trusted party backing the token with USD.

The public interface of PAX Standard is the ERC20 interface specified by EIP-20.

• name()
• symbol()
• decimals()
• totalSupply()
• balanceOf(address who)
• transfer(address to, uint256 value)
• approve(address spender, uint256 value)
• allowance(address owner, address spender)
• transferFrom(address from, address to, uint256 value)

And the usual events.

• event Transfer(address indexed from, address indexed to, uint256 value)
• event Approval(address indexed owner, address indexed spender, uint256 value)

Typical interaction with the contract will use transfer to move the token as payment. Additionally, a pattern involving approve and transferFrom can be used to allow another address to move tokens from your address to a third party without the need for the middleperson to custody the tokens, such as in the 0x protocol.

The total supply of PAX is backed by fiat held in reserve at Paxos. There is a single supplyController address that can mint and burn the token based on the actual movement of cash in and out of the reserve based on requests for the purchase and redemption of PAX.

The supply control interface includes methods to get the current address of the supply controller, and events to monitor the change in supply of PAX.

• supplyController()

Supply Control Events

• SupplyIncreased(address indexed to, uint256 value)
• SupplyDecreased(address indexed from, uint256 value)
• SupplyControllerSet(address indexed oldSupplyController, address indexed newSupplyController)

In the event of a critical security threat, Paxos has the ability to pause transfers and approvals of the PAX token. The ability to pause is controlled by a single owner role, following OpenZeppelin's Ownable. The simple model for pausing transfers following OpenZeppelin's Pausable.

As required by our regulators, we have introduced a role for law enforcement to freeze or seize the assets of a criminal party when required to do so by law, including by court order or other legal process.

The lawEnforcementRole can freeze and unfreeze the PAX balance of any address on chain. It can also wipe the balance of an address after it is frozen to allow the appropriate authorities to seize the backing assets.

Freezing is something that Paxos will not do on its own accord, and as such we expect to happen extremely rarely. The list of frozen addresses is available in isFrozen(address who).

To facilitate upgradeability on the immutable blockchain we follow a standard two-contract delegation pattern: a proxy contract represents the token, while all calls not involving upgrading the contract are delegated to an implementation contract.

The delegation uses delegatecall, which runs the code of the implementation contract in the context of the proxy storage. This way the implementation pointer can be changed to a different implementation contract while still keeping the same data and PAX contract address, which are really for the proxy contract.

The proxy used here is AdminUpgradeabilityProxy from ZeppelinOS.

The implementation contract is only used for the logic of the non-admin methods. A new implementation contract can be set by calling upgradeTo() or upgradeToAndCall() on the proxy, where the latter is used for upgrades requiring a new initialization or data migration so that it can all be done in one transaction. You must first deploy a copy of the new implementation contract, which is automatically paused by its constructor to help avoid accidental calls directly to the proxy contract.

The proxy contract and implementation contracts are verified on etherscan at the following links: https://etherscan.io/token/0x8e870d67f660d95d5be530380d0ec0bd388289e1 https://etherscan.io/token/0x6ffcb0f00c3ad2575e443152d8861aec1bda9ce6

Because the implementation address in the proxy is a private variable, verifying that this is the proxy being used requires reading contract storage directly. This can be done using a mainnet node, such as infura, by pasting the network address in truffle.js and running

truffle exec ./getImplementationAddress.js --network mainnet

To run smart contract tests first start

ganache-cli

in another terminal

Then run

make test-contracts

You can also run make test-contracts-coverage to see a coverage report.