Highlight the severity of the ERC-20 known issue in the token standard description. #13218
Comments
Dexaran
added
the
feature ✨
github-actions
bot
added
the
needs triage 📥
wackerow
added
proposal 🤔
|
Thanks @Dexaran I think overall this could probably make sense to add. Just want to get a bit more feedback. @Pandapip1 @minimalsm @konopkja @wackerow do you have any opinions on this? |
|
I think this is good... not sure if there would be any value in having some of this in the Overall though I'm in favor of shining light on these challenges though. |
I approve of this. Once my concerns with the automated script are addressed (I do believe Dexaran's working on them), I approve of that too. |
|
Hello everyone, I have prepared a PR with the addition of the description described above. |
These are the changes that I recommended. A note regarding automated calculation script: it's quite difficult to verify the losses without disassembling the contract source codes and we still didn't came to an automated method. We will send a separate PR once it's ready. |
|
This issue is stale because it has been open 30 days with no activity. |
github-actions
bot
added
the
Status: Stale
Is your feature request related to a problem? Please describe.
With 8.7.0 a "Known issues" section was added to ERC-20 description https://ethereum.org/en/developers/docs/standards/tokens/erc-20/#erc20-issues
However, the representation looks like it is a known issue so a token developer has nothing to worry about. It mustn't look like this because the amount of damage that this issue is dealing to the ecosystem is still growing over time and if there will be no active countermeasures people will keep losing money because of this known issue.
I would propose to add two paragraphs here:
Describe the solution you'd like
1. Highlight the severity of the issue
I would recommend to add a phrase "As of 06/20/2024 at least $83,656,418 worth of ERC-20 tokens were lost due to this issue."
We have built a script that calculates the amount of lost tokens (https://dexaran.github.io/erc20-losses/) and there are over $230M worth of lost tokens on Ethereum mainnet currently and this amount is growing every day as users keep losing tokens and those tokens that were already lost are never recovered.
My team did a due diligence on the tokens that were reported as "lost" by this script and we were able to manually verify that at least $83M worth of tokens are clearly unrecoverably lost. All the data is transparently available via Etherscan where you can observe the tokens on the balances of contracts with verified source codes that have no functions to extract these tokens.
2. Propose solution options
transferfunction would prevent thisrequire(address _to != address(this), "Sending to token contract");Describe alternatives you've considered
It is possible to restrict the logic of
transferfunction so that it wouldn't be possible to deliver tokens to smart-contracts with it but this would break backwards compatibility with some multisig wallets that are supposed to be ERC-20 compatible as well as Uniswap pools.Additional context
No response
Would you like to work on this issue?
The text was updated successfully, but these errors were encountered: