What to do about hidden or undisclosed logic in ERC-20 tokens?

This is a starter thread for standard ways to better enforce user expectations for ERC-20 contracts, or at least provide mechanisms to inform users of hidden / undisclosed logic.

This issue was brought up in a Tweet today by @LefterisJP, and I’ve heard it discussed before.

A key problem is that potential fees triggered by maintainers and other logic can break the user experience. There is a set of assumptions/expectations around ERC-20s that is not enforced.

Additional logic also leads to higher gas costs for users.

Solutions

There is an effort organized by @p0n1 to track buggy / nonstandard code in ERC-20s; it may be defunct, as the last commit is Oct 10, 2018.


Update:

Article by Daniel Que describing the general situation and techniques used: What we learned from auditing the top 20 ERC20 token contracts

Hey @jpitts.

Thanks for making the thread. I got a lot of shit for writing that tweet :kissing:

I think that such tokens should be flagged in a database maybe much like the one you linked and wallets, dapps, portfolio trackers should show some kind of warning to the user.

The biggest problem imo comes when transfer/transferFrom() does not work as expected. Many contracts assert that the transferred amount was fully transferred to the recipient. If at some point this breaks for a contract, like say the tether contract enables fees, then all dapps using it would break.

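The breakage described above (a dapp asserting that the full amount arrived) next to the accounting pattern that survives a token switching on transfer fees, as an added example that is not part of this thread; contract and function names are illustrative, and the interface is a trimmed subset of ERC-20.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Minimal ERC-20 surface used below (subset, for illustration only).
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Brittle pattern: assumes `amount` arrives in full. If the token's maintainers
// later enable a fee on transfer, every deposit reverts and the dapp is bricked.
contract BrittleVault {
    IERC20 public immutable token;
    mapping(address => uint256) public deposits;
    constructor(IERC20 t) { token = t; }

    function deposit(uint256 amount) external {
        uint256 before = token.balanceOf(address(this));
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        require(token.balanceOf(address(this)) - before == amount, "short transfer");
        deposits[msg.sender] += amount;
    }
}

// Defensive pattern: credit only what was actually received, measured as the
// balance delta, so hidden fee logic cannot desynchronise internal accounting.
contract SafeWrapper {
    IERC20 public immutable token;
    mapping(address => uint256) public balanceOf;
    constructor(IERC20 t) { token = t; }

    function wrap(uint256 amount) external returns (uint256 received) {
        uint256 before = token.balanceOf(address(this));
        // Note: tokens that return no bool (a separate ERC-20 quirk) need a
        // low-level call here, as OpenZeppelin's SafeERC20 does.
        require(token.transferFrom(msg.sender, address(this), amount), "transferFrom failed");
        received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        balanceOf[msg.sender] += received; // may be less than `amount`
    }

    function unwrap(uint256 amount) external {
        balanceOf[msg.sender] -= amount; // reverts on underflow in 0.8+
        require(token.transfer(msg.sender, amount), "transfer failed");
    }
}
```

Deploying `BrittleVault` against a token whose fee is currently zero passes today and fails the day the fee is enabled; `SafeWrapper` keeps working, at the cost of the user seeing fewer wrapped units than they sent.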

I need to understand the issue with the smart contracts. Can you explain what you are experiencing?

Thank you

Usdt doesn’t work on gitcoin grants rn because of this. It’s a big pain in the butt.

I think that verified contracts on etherscan do the work of letting us all see why, though. Which is positive. Not sure what else can be done other than many of us creating a community-based taxonomy of ERC-20s and their “quirks”.

Just wrap the token with a token that actually conforms to ERC20 and doesn’t charge fees. You can also do this for inefficient implementations like the GUSD.


I think wrapping up is an interesting idea.
Given there are many other forms of USD pegged tokens, I think some sort of TCR or other curation style system for the issue might be helpful.