ERC-20 — this is the first and most common standard tokens that are running on the Ethereum blockchain, which was introduced in 2015.

Standard code ERC-20 provides 6 functions:

  • totalSupply specifies the total number of tokens;
  • balance0f shows the balance of the account specified in address_owner where _owner address;
  • transfer implements the transfer of tokens from the primary address of the specific user;
  • transferFrom is used to transfer tokens from one user to another;
  • approve checks whether the smart contract tokens, and ensures funds are debited from the account in the amount not exceeding the amount determined by the parameter of the function.
  • allowance checks that the wallet of the sender sufficient tokens to transmit them to the recipient.

Also ERC-20 provides two types of events:

  • transfer — transfer tokens between accounts;
  • approval — this event is triggered when the function succeeds approve.

Of these functions and events is seen as tokens ERC-20 are transferred between addresses, and their owners receive the necessary information. In addition, they provide the efficiency of the new token on the Ethereum platform.

After the appearance of this standard ICO the market started to grow very fast, since ERC-20 contains a list of rules that must comply with future tokens. This has simplified the life of developers who previously had to create for token standards compatible with bloccano, wallet, exchange and DApps.

What happened next?

Standard ERC-20 was the first, and over time it became clear that it is imperfect: in 2017, was reported lost during the transaction, and in February of 2018 developer with the pseudonym Dexaran described the bug affecting tokens ERC-20, and warned users in Github.

According to him, the main problem was connected with smart contracts. The fact that the transaction is completed when there is successful transfer of funds. If an error occurs, the translation should be rejected, and in the case of tokens ERC-20 and smart contract that do not support this standard, the system rejects or accepts the transaction, and as a result tokens are frozen or lost.

This happens in two situations

  1. The use of transfer functions that allows you to send tokens to an address
  2. Making a Deposit into the smart contract, which requires the use of a combination of options approve and transferFrom.

Using the approve, the user grants smart permission contract on withdrawals that is performed using transferFrom.

In cases when the user makes a Deposit into the smart contract using transfer functions, the transaction is considered successful, and the network will perceive it normally, but the smart contract it does not recognize — and because of this error, the Ethereum ecosystem has already lost millions of dollars.

The Domino effect

Users of the platform Ethereum and earlier had to deal with security problems, to recall the infamous hacking project DAO in 2016. To eliminate its consequences and to return the funds to the network, was held hardwork, with the new blockchain continued to work under the name of Ethereum, and the members of the network who do not agree with this decision, keep the old blockchain called Ethereum Classic.

In April 2018, some cryptoamnesia exchange (for example, OKEx) suspended the deployment and withdrawal of tokens ERC-20 because of an error batchOverflow. Representatives OKEx wrote about this:

“Exploiting the bug, attackers can generate huge number of tokens and place them on the regular addresses in order to manipulate the market.”

After OKEx exchange Poloniex took a similar decision with regard to all tokens of the standard ERC-20, and HitBTC initiated an internal audit, during which part of paid money blocked.

What’s next?

Tokens ERC-20 effective and convenient, but their code has bugs that can lead to loss of funds. The Protocol of ERC-20 is not always suitable for the purposes of the creators of a specific token, and, of course, no guarantee that the generated token will be useful, valuable or functional.

In addition, one of the drawbacks of the standard ERC-20 — very easy creation of tokens, which facilitates the ICO and leads to an abundance of similar tokens, and hence greatly complicates investors ‘ lives.

But, despite all the fears and warnings, the number of ICO using the ERC-20, still growing. So then what can be concluded? What is more important startups to raise money than to ensure the security of its assets.

Discuss current news and events on the Forum