ERC20 Standard Main Issue

The lack of transaction handling mechanism is the main issue of ERC20 token standard.

Event handling is a standard practice in programming. It’s obvious that token transactions should be considered as an event and that it should be possible to handle the transaction events. The ERC20 token standard does not provide this mechanism at all, which leads to issues.

Another problem with ERC20 tokens standard is that there are two different ways to deposit ERC20 tokens:

transfer
approve + transferFrom

With ERC20 tokens, it is not possible to execute a transaction that will be recognized by the recipient’s contract. If a user wants to transfer tokens to any contract, then he must approve this contract to withdraw the tokens from his wallet, and then call a contract that will call transferFrom to withdraw the tokens.

If the user call transfer function to deposit tokens to a contract then the recipient contract will not recognize the transaction. It is impossible to handle incoming transactions of ERC20 tokens for any contracts. Therefore, it is not possible to reject transactions that should be rejected.

Since the function for transferring tokens without handling by the recipient remains, it is possible that someone will use this function and lose tokens. These tokens would get stuck inside any contracts as the transaction was not recognized by the recipient (contract).

Example

Alice has 10 ERC20 tokens and she wants to send 3 tokens to Bob.

An ordinary user may think that Alice has some tokens “on her account balance”, but the balance of the token is just a variable inside the token contract.

Alice initiates a transaction. Actually, every token transaction is a call to the token contract.
Alice asks the token contract to reduce her balance by 3 and to increase Bob’s balance by 3 at the same time.

Once the transaction has been mined, the internal variables of the ERC20 token contract will be modified. The recipient (Bob in this case) will not be informed that the transaction occurs!

This is fine for externally owned accounts (accounts owned by humans). Alice can tell Bob that she sent him tokens. Bob can check his balance and see that it has increased.

This is a critical issue for contracts and it is resulting in lost tokens. Contracts that are not designed to work with a token must reject incoming token transactions. Otherwise, each contract becomes a potential token trap due to the inability to reject improper token transfers.

Appendix

Smart Contract Audits by Callisto Network.

Miscellaneous

Why Audit Smart Contracts?

Our Most Popular Audit Reports.

Trust the Blockchain, Audit the Smart Contracts.

Follow Callisto’s Security Department on Twitter to get our latest news and updates!

Callisto Evolution

Fushuma On-chain Democracy

Philosophy of Decentralization - Blueprint

Fushuma Tokenomics

Decentralized X-Chain Bridge

Progress Tracker

News & Updates

Security Department

Funding Program

Cold Staking

ERC-223 Token Standard

Callisto NFT Standard

Callisto Network Mining

Network Explorer

Supply & Burn Metrics

Live Network Data

DApps

Wallets

Callistonians NFT Collection

One Earth, One Heart

Callisto Network Essentials

Testnet Tools