stablecoin
PayPal USD PYUSD
PayPal USD (PYUSD) scores 1/100 on the Quantum Readiness Index. PYUSD is a centrally-issued fiat-backed stablecoin deployed as a standard ERC-20 token on Ethereum and Arbitrum and as an SPL token on Solana. The project has undertaken zero quantum-specific work: no public cryptographic inventory, no quantum risk assessment, no PQC design or prototype, no migration roadmap, and no acknowledgment of the quantum threat from either Paxos or PayPal. All token-specific admin and governance keys—controlling mint, burn, freeze, pause, and contract upgrade—are classical ECDSA addresses protected only by Gnosis Safe multisig (3-of-20 threshold), which itself relies on ECDSA. The SupplyControl contract's daily rate limits provide operational blast-radius mitigation but zero quantum resistance. With approximately $3.48 billion in circulating supply fully exposed to quantum key-recovery attacks and no migration, freeze, or recovery path, PYUSD represents a high-value quantum-critical vulnerability. The project is at Stage 1 (Quantum Risk Assessed) because the cryptographic inventory is publicly verifiable from source code and on-chain data, even though the issuer has not published or acknowledged a quantum risk assessment. The single point awarded reflects only that the value-at-risk is measurable (<25% coverage tier per QRI §9.3.1).
Critical Quantum Blockers
- All PYUSD spend authorization is ECC-only via host chains: ECDSA (secp256k1) on Ethereum/Arbitrum, Ed25519 on Solana. No PQ or hybrid signature path exists for any user transaction.
- All token-specific admin and governance keys are classical ECDSA addresses protected only by multisig (3-of-20 Gnosis Safe). A quantum attacker capable of breaking ECDSA could compromise proxy admin, owner, assetProtectionRole, and supplyController keys—enabling unlimited mint, freeze/wipe of any address, contract upgrade to malicious logic, and permanent pause.
- SupplyControl daily rate limits provide only blast-radius mitigation, not quantum resistance. A quantum attacker forging the supplyController signature can mint up to the daily cap repeatedly or rotate the supplyController address.
- No public quantum risk assessment, cryptographic inventory, PQC design, migration roadmap, or acknowledgment of the quantum threat exists from Paxos or PayPal.
- Approximately $3.48B in circulating supply (June 2026, CoinMarketCap/CoinGecko; supply contracted ~13% in May 2026 per MetaMask) represents fully quantum-exposed on-chain value with no migration, freeze, deprecation, or recovery path.
Key Risks
- QUANTUM-CRITICAL: A quantum attacker compromising the proxy admin key (ECDSA) can upgrade the PYUSD implementation contract to malicious logic, affecting all ~$3.48B in circulating supply across all holders on that chain.
- QUANTUM-CRITICAL: A quantum attacker compromising the owner key can pause all transfers indefinitely, reclaim all PYUSD held by the contract, and change the assetProtectionRole and supplyController—effectively taking full control of the token.
- QUANTUM-CRITICAL: A quantum attacker compromising the assetProtectionRole can freeze and wipe the balance of any address, enabling targeted theft or mass destruction of token value.
- QUANTUM-CRITICAL: A quantum attacker compromising the supplyController key can mint tokens up to the daily rate limit and immediately rotate the supplyController to a new attacker-controlled address, bypassing future rate limits. Even with caps, repeated daily minting can inflate supply.
- QUANTUM-CRITICAL: On Solana, Ed25519 public keys are exposed directly and by default across the entire address space, creating a permanent at-rest attack surface. All PYUSD holder addresses on Solana are vulnerable to offline quantum key-recovery with no time constraint.
- QUANTUM-CRITICAL: On Ethereum/Arbitrum, any PYUSD holder address that has ever sent a transaction has an exposed ECDSA public key, creating a long-exposure at-rest vulnerability. Only unused (never-sent) addresses benefit from hash-based address protection.
- STRUCTURAL: PYUSD's multi-chain deployment means quantum safety requires independent migration on each host chain (Ethereum, Solana, Arbitrum). A base-layer fix on one chain does not protect PYUSD on others.
- STRUCTURAL: As a centrally-issued stablecoin with upgradeable proxy contracts, PYUSD is entirely dependent on Paxos's administrative key management. There is no protocol-level or community-governance path to force quantum migration if Paxos does not act.
- OPERATIONAL: The G7 CEG's January 2026 roadmap targets 2035 for financial-sector PQC migration completion with critical systems prioritized for 2030-32. Paxos/PayPal have shown no evidence of engagement with this timeline.
Assurance Notes
- PYUSD v1 Trail of Bits audit (December 2022) covers classical ERC-20 security only; no quantum or post-quantum scope. Stale for current v2.x implementation.
- PYUSD v2 audits by Zellic and Trail of Bits are referenced in the repository but the reports are not directly linked in the public repo; scope fit for the current production implementation is unverified for this evaluation. Both are classical smart-contract audits with no quantum scope.
- Admin keys use multisignature contracts (Gnosis Safe, 3-of-20 threshold per LlamaRisk and Aave governance sources) providing operational security but no quantum resistance—multisig signers remain classical ECDSA addresses.
- SupplyControl contract (0x31d9bDEa6F104606C954f8FE6ba614F1BD347Ec3 on Ethereum) implements rate limits on mint/burn. This limits blast-radius of a single compromised key but does not prevent a quantum attacker from forging supply-control signatures.
- PYUSD v2.1.0 (February 2026) added EIP-1271 support for smart-contract wallet signatures. This is a classical signature-flexibility improvement with no quantum relevance.
- No formal quantum-specific incident-response playbook, security contact for quantum disclosures, or quantum-risk governance process has been published by Paxos or PayPal.
- Reserve attestations published monthly by Paxos are financial/accounting attestations, not cryptographic security reviews. They do not address on-chain quantum vulnerabilities.
- The G7 Cyber Expert Group's January 2026 roadmap for PQC migration in the financial sector targets critical systems for 2030-32 and full migration by 2035. No evidence Paxos or PayPal have responded to this guidance.
- Solana's Ed25519 address model exposes public keys directly and by default across its address space, creating a long-exposure (at-rest) quantum vulnerability for all PYUSD holders on Solana—distinct from Ethereum's hash-based address model which provides short-exposure-only protection for unused addresses.
- PYUSD's multi-chain deployment means quantum readiness must be achieved on each host chain independently. A base-layer fix on one chain does not protect PYUSD on others.
Non-Scoring Caveats
- Supply contraction: PYUSD circulating supply dropped ~13% in May 2026 (MetaMask data), indicating reduced but still substantial value-at-risk. Market cap figures vary across sources (~$3.0B Kraken/AMBCrypto, ~$3.48B CoinMarketCap/CoinGecko as of June 2026).
- Solana's Ed25519 address model exposes public keys directly and by default, creating a permanent at-rest quantum vulnerability for all PYUSD holders on Solana—distinct from Ethereum's hash-based address model which protects only addresses that have never sent a transaction.
- PYUSD's multi-chain deployment (Ethereum, Solana, Arbitrum) means quantum readiness must be achieved on each host chain independently. A base-layer fix on one chain does not protect PYUSD on others.
- As a centrally-issued stablecoin with upgradeable proxy contracts, PYUSD is entirely dependent on Paxos's administrative key management. There is no protocol-level or community-governance path to force quantum migration if Paxos does not act.
- The G7 CEG January 2026 roadmap, EU PQC roadmap (June 2025), and NCSC guidance all target 2035 for financial-sector PQC migration completion. Paxos/PayPal have shown no evidence of engagement with these timelines.
Evidence record
Claims and Caveats
Security Assessment & Evidence Preparedness
Public cryptographic inventory of critical public-key mechanisms and public quantum threat model
Claim: No public cryptographic inventory or quantum threat model has been published by Paxos or PayPal for PYUSD.
Coverage basis: Absence of any quantum-specific documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No public cryptographic inventory; quantum-vulnerable surface cannot be systematically assessed by users or institutions.
Assurance: Absence of inventory confirmed by web search of Paxos documentation, PayPal developer portal, GitHub repositories, and press releases. No quantum-related content found in any official channel. The G7 CEG January 2026 roadmap explicitly recommends financial entities begin cryptographic discovery and inventory exercises.
Security Assessment & Evidence Preparedness
Public evidence record supporting the assessment
Claim: No quantum-specific evidence record has been published. Classical contract code, audits, and documentation exist but contain no quantum analysis.
Coverage basis: Public code and documentation exist but contain no quantum-relevant content
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Assurance: Classical evidence (open-source code, verified contracts, audits) is well-documented but contains no quantum threat modeling, cryptographic inventory, or PQC analysis.
Production Cryptographic Protection
Spend authorization / transaction signatures are PQC or hybrid-PQC on mainnet
Claim: All PYUSD spend authorization is via host-chain classical signatures: ECDSA (secp256k1) on Ethereum/Arbitrum, Ed25519 on Solana. No PQ or hybrid path exists.
Coverage basis: Token inherits host-chain signature schemes; no custom spend authorization
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: All spend authorization remains entirely ECC/Ed25519-only with no PQ or hybrid path.
Assurance: Verified from on-chain contract code, official Paxos documentation, and token-standard specifications (ERC-20, SPL). EIP-3009/EIP-2612 permit signatures also use classical ECDSA (EIP-712 with secp256k1 recovery). Google's March 2026 whitepaper estimates ~500K physical qubits can break secp256k1 (~20x reduction from prior estimates).
Production Cryptographic Protection
Account, address, public-key exposure, and key-derivation design
Claim: All PYUSD addresses follow host-chain address models. Ethereum/Arbitrum uses hash-based addresses (limited protection for unused addresses). Solana exposes Ed25519 public keys directly and by default.
Coverage basis: Host-chain address derivation; no token-specific address layer
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Solana PYUSD addresses expose public keys directly, creating permanent at-rest quantum vulnerability. Ethereum PYUSD addresses that have sent transactions have exposed public keys on-chain.
Assurance: Solana's address model is well-documented as exposing public keys directly. Ethereum's model protects only addresses that have never sent a transaction. Both are inherited by PYUSD per QRI §7.3 attack-window classification.
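An added example (not part of the original assessment, and not Paxos or QRI tooling): a small inventory that applies the exposure rule above to holder records and reports, per chain, how much balance sits behind a public key that is already on-chain. The records, field names and addresses are constructed placeholders; counting a relayed EIP-2612/EIP-3009 signature as exposure is an assumption that extends the page's "has sent a transaction" rule.

```python
from collections import defaultdict
from dataclasses import dataclass
from decimal import Decimal

AT_REST = "at-rest"          # public key already recoverable from chain data
SHORT = "short-exposure"     # key stays hidden behind the address hash until first use

HASH_ADDRESS_CHAINS = {"ethereum", "arbitrum"}  # address = hash of the public key
DIRECT_KEY_CHAINS = {"solana"}                  # address is the Ed25519 public key


@dataclass(frozen=True)
class Holder:
    """One externally owned holder account (constructed record layout)."""
    chain: str
    address: str
    balance: Decimal
    outgoing_txs: int = 0      # account nonce on EVM chains; unused on Solana
    relayed_sigs: int = 0      # assumption: permit/authorization signatures from
                               # this key that a third party submitted on-chain


def exposure_class(h: Holder) -> str:
    """Classify a holder by the attack window described in the assessment."""
    chain = h.chain.lower()
    if chain in DIRECT_KEY_CHAINS:
        return AT_REST
    if chain in HASH_ADDRESS_CHAINS:
        if h.outgoing_txs < 0 or h.relayed_sigs < 0:
            raise ValueError(f"negative counter for {h.address}")
        # Any on-chain ECDSA signature lets an observer recover the public key,
        # so a relayed signature exposes the key even when the nonce is still 0.
        return AT_REST if (h.outgoing_txs > 0 or h.relayed_sigs > 0) else SHORT
    raise ValueError(f"no exposure rule for chain {h.chain!r}")


def inventory(holders):
    """Return {chain: {"total", "at_rest", "at_rest_pct"}} using exact decimals."""
    totals = defaultdict(lambda: defaultdict(Decimal))
    for h in holders:
        totals[h.chain.lower()][exposure_class(h)] += h.balance
    report = {}
    for chain, classes in totals.items():
        total = sum(classes.values(), Decimal(0))
        at_rest = classes.get(AT_REST, Decimal(0))
        pct = (at_rest / total * 100).quantize(Decimal("0.1")) if total else Decimal("0.0")
        report[chain] = {"total": total, "at_rest": at_rest, "at_rest_pct": pct}
    return report


# Constructed sample data; the addresses are placeholders, not real accounts.
SAMPLE = [
    Holder("ethereum", "0xPLACEHOLDER_A", Decimal("1000"), outgoing_txs=12),
    Holder("ethereum", "0xPLACEHOLDER_B", Decimal("3000")),                  # never used
    Holder("ethereum", "0xPLACEHOLDER_C", Decimal("1000"), relayed_sigs=1),  # permit only
    Holder("arbitrum", "0xPLACEHOLDER_D", Decimal("500"), outgoing_txs=1),
    Holder("solana", "PLACEHOLDER_E", Decimal("250")),
    Holder("solana", "PLACEHOLDER_F", Decimal("750")),
]

if __name__ == "__main__":
    for chain, row in sorted(inventory(SAMPLE).items()):
        print(f"{chain:9} total={row['total']} at_rest={row['at_rest']} "
              f"({row['at_rest_pct']}%)")
```

The report aggregates by chain and exposure class only; it does not rank individual accounts.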
Production Cryptographic Protection
Consensus-critical authentication is PQC or hybrid-PQC where applicable
Claim: PYUSD is a token with no independent consensus layer. Consensus authentication is N/A for token-level evaluation.
Coverage basis: Token architecture: no consensus mechanism
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Host-chain consensus vulnerabilities affect PYUSD indirectly but are scored under host-chain QRI evaluations, not token-level.
Production Cryptographic Protection
State-integrity and data-availability mechanisms are quantum-safe where applicable
Claim: PYUSD supply integrity is controlled by classical ECDSA admin keys (owner multisig 0x0644Bd0248d5F89e4F6E845a91D15c23591e5D33, supplyController 0xE25a329d385f77df5D4eD56265babe2b99A5436e, assetProtectionRole) through the AdminUpgradeabilityProxy and SupplyControl contract. No PQ protection exists for supply-binding.
Coverage basis: Token-specific admin key infrastructure
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Supply integrity, contract upgradeability, freeze/wipe, and pause controls are all gated by classical ECDSA keys. A quantum attacker compromising any admin key can break token state integrity.
Assurance: Admin key structure verified from on-chain contract code, Paxos documentation, LlamaRisk research, and Aave governance discussions. Owner multisig uses 3-of-20 threshold (Gnosis Safe). SupplyControl rate limits constrain per-day mint but do not prevent quantum forgery of the supplyController signature.
The SupplyControl contract implements daily rate limits on mint/burn, providing operational blast-radius mitigation but zero quantum resistance.
Production Cryptographic Protection
Privacy and proof layers are quantum-safe where applicable
Claim: PYUSD has no privacy features, shielded pools, ZK proofs, or confidential transaction mechanisms.
Coverage basis: Token architecture: no privacy layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
P2P transport, node identity, and peer authentication are PQC, hybrid-PQC, or satisfied by design
Claim: PYUSD has no P2P network layer. All network communication is handled by host chains.
Coverage basis: Token architecture: no P2P layer
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Production Cryptographic Protection
Critical wallet, custody, HSM, signer, and hardware-wallet workflows support the production PQ/hybrid path
Claim: No PQ wallet, custody, or HSM path exists for PYUSD. All wallet interactions use classical signatures via host-chain tooling.
Coverage basis: Token inheritance; host-chain wallet ecosystem
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Assurance: PayPal and Venmo provide integrated PYUSD custody but use standard blockchain key management. No PQ-specific wallet infrastructure exists at the token level.
Migration Status & Value-at-Risk
Percentage of economically relevant value-at-risk protected from quantum key-recovery attacks
Claim: Approximately $3.48B in circulating PYUSD supply (June 2026, CoinMarketCap/CoinGecko) is fully quantum-vulnerable. Zero percent is protected by PQ or hybrid mechanisms. Supply contracted ~13% in May 2026.
Coverage basis: Circulating supply across all host chains
Implementation score: 0.05 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: ~$3.48B in fully quantum-exposed value with zero protection, zero migration, and no recovery path.
Assurance: Market cap figures vary across sources (~$3.0B Kraken/AMBCrypto, ~$3.03B MetaMask, ~$3.48B CoinMarketCap/CoinGecko as of June 2026). Supply contracted ~13% in May 2026 per MetaMask. The March 2026 secondary source (Stablecoin Insider) reported ~$4.09B but this predates the supply contraction. The exact figure does not materially change the <25% coverage classification. Solana and Arbitrum supply breakdowns are not separately verified.
Per QRI §9.3.1 coverage thresholds: <25% coverage = 1 point (out of 20). PYUSD qualifies for this tier. All circulating supply across all chains is quantum-vulnerable with no protection.
Migration Status & Value-at-Risk
Critical wallets migrated, protected, or inherently PQ-native
Claim: No PYUSD treasury, exchange, custodian, bridge, foundation, or protocol-controlled wallets have been migrated to PQ protection. All admin keys remain classical.
Coverage basis: Token admin keys, treasury wallets, and major holder addresses
Implementation score: 0 · Evidence confidence: Medium
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: Admin keys (proxy admin, owner, assetProtectionRole, supplyController) are all classical ECDSA addresses with no PQ migration path.
Assurance: Paxos documentation confirms admin addresses use multisig (Gnosis Safe, 3-of-20). Multisig signers remain classical ECDSA. Specific signer identities and threshold confirmed via LlamaRisk and Aave governance sources. PayPal's internal custody infrastructure for PYUSD reserves is off-chain and outside evaluation scope.
The admin keys govern the entire token supply across all chains. A quantum compromise of any single admin key (regardless of multisig) would be catastrophic.
Migration Status & Value-at-Risk
Legacy vulnerable pools/accounts/UTXOs/contracts are identified, measurable, deprecated, migrated, frozen, or proven not to exist by design
Claim: No legacy vulnerable PYUSD pools have been identified, measured, deprecated, or addressed. No quantum-specific policy mechanism exists for handling quantum-vulnerable PYUSD holdings.
Coverage basis: Absence of any vulnerability identification or deprecation program
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No mechanism exists to identify, freeze, deprecate, or migrate quantum-vulnerable PYUSD holdings. The freeze/wipe functions exist but are themselves controlled by quantum-vulnerable keys.
Assurance: Paxos has freeze/wipe capability (assetProtectionRole) which could theoretically be used to address vulnerable holdings, but the freeze mechanism itself relies on quantum-vulnerable ECDSA signatures. This creates a circular dependency.
Per QRI §9.3.2, a protocol with a credible salvage/freeze/deprecation policy may receive partial credit. PYUSD has the technical freeze mechanism but no quantum-specific policy, timeline, or governance approval for using it in a quantum-migration context.
Migration Mechanism, Governance & Ecosystem Coordination
Public migration or protection roadmap with sequencing, activation criteria, and dependencies
Claim: No public quantum migration or protection roadmap exists for PYUSD. Neither Paxos nor PayPal has published any PQC transition plan.
Coverage basis: Absence of any roadmap publication
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical uncertainty · Score treatment: score-reducing
Quantum blocker: No migration roadmap. Users and institutions have no timeline, activation criteria, or dependency analysis for PYUSD quantum migration.
Assurance: Exhaustive search of Paxos documentation, PayPal newsroom, GitHub repositories, and press releases confirms no quantum-related roadmap content. The G7 CEG January 2026 roadmap and EU PQC roadmap (June 2025) target 2035 for financial sector migration completion, providing an external benchmark Paxos/PayPal have not acknowledged.
Migration Mechanism, Governance & Ecosystem Coordination
Migration accessibility and defaults
Claim: No PQ account creation, wallet tooling, transaction paths, custody paths, user-facing warnings, education, or migration prompts exist for PYUSD.
Coverage basis: Absence of any migration tooling or user guidance
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQ migration path, tooling, or user guidance exists. Users cannot protect their PYUSD holdings even if they want to.
Assurance: PayPal's consumer-facing documentation and Paxos's developer portal contain no quantum-related content, warnings, or guidance.
Migration Mechanism, Governance & Ecosystem Coordination
Migration enforcement and coordination
Claim: No enforcement mechanisms, deprecation schedules, disabled legacy signing, restricted withdrawals, unsafe-path blocking, or exchange/custody/bridge coordination exist for quantum migration.
Coverage basis: Absence of any enforcement or coordination activity
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No enforcement mechanisms exist. Even if a PQ migration were designed, there is no authority or process to compel or coordinate it.
Assurance: Paxos's centralized control (owner, assetProtectionRole, proxy admin) theoretically provides strong enforcement capability for a migration if one were designed, but no such design exists. The capability is a double-edged sword: it enables enforcement but the enforcement keys themselves are quantum-vulnerable.
Migration Mechanism, Governance & Ecosystem Coordination
Emergency disclosure, incident-response, or governance process for quantum-related vulnerabilities
Claim: No quantum-specific emergency disclosure process, incident-response playbook, or governance mechanism has been published.
Coverage basis: Absence of any quantum-specific process documentation
Implementation score: 0 · Evidence confidence: High
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: Paxos has operational incident-response capability (pause, freeze) but no published quantum-specific process. Per QRI §8.2, absence of a formal quantum-specific IR playbook does not independently create a Readiness & Risk Cap. Score reduction here is due to zero implementation, not the playbook gap specifically.
Algorithm & Implementation Assurance
Uses NIST-standardized, standards-track, or broadly reviewed PQC/hybrid-PQC algorithms appropriate to the use case
Claim: PYUSD uses no PQC algorithms whatsoever. All cryptography is classical (ECDSA, Ed25519, keccak256).
Coverage basis: Complete absence of PQC algorithm usage
Implementation score: 0 · Evidence confidence: High
Issue classification: quantum-critical vulnerability · Score treatment: score-reducing
Quantum blocker: No PQC algorithms in use. All token and admin cryptography is classical.
Assurance: Contract source code confirms exclusive use of classical Solidity primitives (ecrecover for ECDSA, keccak256 for hashing). Solana SPL token uses Ed25519 via the Solana runtime. NIST published FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) in 2024. None are used or referenced in PYUSD.
Algorithm & Implementation Assurance
Independent cryptographic and implementation audit for the quantum-critical scope
Claim: No independent quantum or post-quantum audit exists for PYUSD. Existing audits (Trail of Bits v1 2022, Zellic/Trail of Bits v2) are classical smart-contract audits with no quantum scope.
Coverage basis: Existing audits are classical-only with no PQ relevance
Implementation score: 0 · Evidence confidence: Medium
Issue classification: assurance-only caveat · Score treatment: score-reducing
Assurance: Existing audits are scope-mismatched for quantum assessment. Trail of Bits v1 (2022) covers the initial ERC-20 implementation. v2 audits by Zellic and Trail of Bits are referenced in the README but not directly linked. None include quantum threat modeling or PQC review. Since no PQC implementation exists to audit, the score reduction reflects the absence of any quantum assurance, not audit staleness per se.
Per QRI §6.4, scope-mismatched audits support only the audited component (classical ERC-20 security) and confidence is limited for the unaudited quantum scope.
Algorithm & Implementation Assurance
Open-source, reproducible implementation
Claim: PYUSD contract code is open-source (MIT license) and verified on Etherscan. However, there is no PQC implementation to evaluate for reproducibility.
Coverage basis: Open-source classical code; no PQC code exists
Implementation score: 0 · Evidence confidence: High
Issue classification: none · Score treatment: score-reducing
Assurance: Classical code is open-source, verified, and reproducible. This subfactor scores 0.00 because there is no PQC implementation to evaluate—the open-source nature of classical code is commendable but does not compensate for the absence of quantum-safe code.
PYUSD v2.1.0 (February 2026) is the latest release.
Algorithm & Implementation Assurance
Parameter agility and future upgrade path are documented
Claim: No documented parameter agility or PQC upgrade path exists. The AdminUpgradeabilityProxy enables contract upgrades but there is no quantum-specific upgrade plan.
Coverage basis: Technical upgrade capability exists but no quantum plan
Implementation score: 0 · Evidence confidence: Medium
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: The AdminUpgradeabilityProxy pattern technically enables future PQC upgrades (e.g., adding PQ signature verification). However, the proxy admin key itself is quantum-vulnerable, creating a bootstrap problem: upgrading to PQ requires a quantum-safe admin key, but the admin key is classical.
Algorithm & Implementation Assurance
Stateful-signature safety, side-channel, fault-injection, state-management, hardware-wallet, HSM, or custody implementation risks
Claim: No stateful signatures (XMSS/LMS) are used. This subfactor is not applicable because there are no stateful PQC signatures to evaluate for safety.
Coverage basis: No stateful signature schemes in use
Implementation score: 1 · Evidence confidence: High
Issue classification: none · Score treatment: not applicable
Algorithm & Implementation Assurance
Performance and resource-impact analysis where PQ signature/verification costs could affect safe deployment
Claim: No PQ performance or resource-impact analysis exists for PYUSD. No assessment of how PQC migration would affect gas costs, transaction throughput, or wallet UX.
Coverage basis: Absence of any PQC performance analysis
Implementation score: 0 · Evidence confidence: High
Issue classification: operational/product caveat · Score treatment: score-reducing
Assurance: PQC signature sizes are significantly larger than classical (e.g., ML-DSA-65 ~3.3KB vs ECDSA ~64-72 bytes). On Ethereum, this would dramatically increase gas costs for PYUSD transfers and approvals. On Solana, Project Eleven's April 2026 testnet showed ~90% throughput reduction with PQ signatures. No analysis exists for how PYUSD would handle these impacts.
The Solana Foundation's April 2026 live testnet data (Project Eleven) confirms the magnitude of the PQ performance challenge.