Select a result to preview

Token Vs. Coins

Coins are digital currencies native to the Blockchain (Bitcoin/BTC, Ethereum's Ether). This means that all the rules for trading and creation are directed by the Blockchain. There are different ways to earn a coin. Mining, Proof-of-Stake or Trading (Buying coins) are one of them.

Tokens are assets that are created on top of existing Blockchain. Examples include USDC and Shiba Inu. They "live" in Smart Contracts (SC keeps record of them probably in a mapping of the value to the user address). This contract specifically is called an ERC-20 contract.

What is ERC-20

Similar to the internet's RFC (Request for Comments), ERC-20 is a document that contains definition and policies of how assets should be implemented in Ethereum, similar to a rulebook. For a contract to be considered an ERC-20 contract or ERC-20 compliant, it must implement all 9 methods:

function name() public view returns (string)
function symbol() public view returns (string)
function decimals() public view returns (uint8)
function totalSupply() public view returns (uint256)
function balanceOf(address _owner) public view returns (uint256 balance)
function transfer(address _to, uint256 _value) public returns (bool success)
function transferFrom(address _from, address _to, uint256 _value) public returns (bool success)
function approve(address _spender, uint256 _value) public returns (bool success)
function allowance(address _owner, address _spender) public view returns (uint256 remaining)

and these events:

event Transfer(address indexed _from, address indexed _to, uint256 _value)
event Approval(address indexed _owner, address indexed _spender, uint256 _value)
Security Concerns and other Issues

ERC-20 tokens wont be in your wallet. Like mentioned, when someone sends you tokens, the smart contract only updates the value or number of tokens that you own that is mapped to you address. This is what that looks like in Solidity:

mapping(address => uint) public balances;

You can’t always trust ERC‑20 smart contracts. It’s possible to submit a smart contract for auditing (for example, providing the Solidity source code to an external auditor like OpenZeppelin) and then make changes to the code before deployment. This can be difficult to detect, since only the compiled bytecode is published to the network. A contract may include backdoors in its logic, such as allowing the contract owner to mint tokens at will, burn tokens belonging to other users, or transfer tokens without user consent. It is also possible for a contract to use proxy patterns, enabling the logic to be replaced after deployment or delegating execution to another contract whose behavior is hidden from users (using delegatecall).

ERC-20 is also vulnerable to token loss. This happens when you transfer tokens to an incompatible smart contract (they are not designed to handle ERC-20). The smart contract doesn't know what to do with the token, cant reverse it, so the tokens remain stuck in that contract. Sometimes you might want to burn tokens if there was an oversupply (for instance, accidentally minted too much tokens), but if you accidentally use the transfer to an incompatible smart contract, the goal is not achieved because it still counts in the total supply and are deadlocked.

Resources
Resources

  1. https://ethereum.org/developers/docs/standards/tokens/erc-20/
  2. https://medium.com/@bansaltushar014/delegatecall-in-solidity-4138b121cbe