This is an automated archive.

The original was posted on /r/ethereum by /u/Dexaran on 2023-08-12 14:54:42+00:00.

Original Title: Today at least $130M worth of tokens are lost because of ERC-20 standard security flaw. This exceeds the amount of funds drained in a recent Curve hack twice but the ERC-20 flaw is still not fixed and the standard is still being used.


ERC-20 flaw

Here is the description.

The problem is widely known, I have described it in 2017 and developed an alternative token standard to solve this exact problem.

In 2017 there were $4M worth of tokens lost. Today it’s $130M in 49 examined contracts.

How we calculated the amount of lost tokens

I have this script:

It is open source and anyone can use it or modify it. This script examines contracts - it assumes that all provided addresses are token contracts and watches their balance. The balance must be 0 because the token contract is not supposed to OWN tokens, it is supposed to BE THE TOKEN.

If one contract owns tokens then it’s a result of an unhandled mistake. For example USDT contract holds USDC tokens.

Example

Here is RNDR token:

It holds $1,805,909 worth of tokens (mostly $RNDR token). All those tokens are lost and there is no way to recover them.

The output of the script

This is the output of the script that examined 49 contracts. There are $991M worth of tokens stuck in QNT contract but it was excluded from this list and further investigation is required. As for the rest of the tokens - these are guaranteed to be lost.

  • 335034 USDT worth $334765.9728 is stuck.
  • 23532 BNB worth $5662034.5200000005 is stuck.
  • 72808073 USDC worth $72808073 is stuck.
  • 12 stETH worth $22087.079999999998 is stuck.
  • 480534 MATIC worth $322005.8334 is stuck.
  • 151019 THETA worth $115287.9046 is stuck.
  • 241331764271 SHIB worth $2005466.96109201 is stuck.
  • 78335 UNI worth $479958.545 is stuck.
  • 1423424 DAI worth $1422996.9728 is stuck.
  • 1423424 DAI worth $1422996.9728 is stuck.
  • 178470 BUSD worth $178470 is stuck.
  • 5805 LINK worth $41662.485 is stuck.
  • 9835 TUSD worth $9835 is stuck.
  • 214 OKB worth $8998.699999999999 is stuck.
  • 70 TONCOIN worth $83.23 is stuck.
  • 1 LDO worth $1.869 is stuck.
  • 30397117 HEX worth $181258.00867100002 is stuck.
  • 5946 ARB worth $6742.763999999999 is stuck.
  • 278617 CRO worth $16588.856180000002 is stuck.
  • 452980 GRT worth $49103.032 is stuck.
  • 0 NEAR worth $0 is stuck.
  • 6303432 VEN worth $25642361.376 is stuck.
  • 1322 SAND worth $537.1286 is stuck.
  • 66076 APE worth $119861.864 is stuck.
  • 231535 BIT worth $119147.911 is stuck.
  • 43623957 MANA worth $16127776.9029 is stuck.
  • 231535 BIT worth $119147.911 is stuck.
  • 6978 INJ worth $56591.579999999994 is stuck.
  • 1032591 RNDR worth $1829751.252 is stuck.
  • 6362054533 PEPE worth $7698.08598493 is stuck.
  • 63 KCS worth $347.256 is stuck.
  • 38999 GUSD worth $37310.3433 is stuck.
  • 203 cETH worth $7508.97 is stuck.
  • 7 PAXG worth $13498.1 is stuck.
  • 259 COMP worth $15630.65 is stuck.
  • 1578896959 BTT worth $726.29260114 is stuck.
  • 1982 HT worth $5307.796 is stuck.
  • 19245 FXS worth $113930.4 is stuck.
  • 33575 cUSDC worth $624.8307500000001 is stuck.
  • 33280 1INCH worth $10493.184000000001 is stuck.
  • 205841 NEXO worth $133920.15459999998 is stuck.
  • 39365 DYDX worth $76013.815 is stuck.
  • 16 ZIL worth $0.32688 is stuck.
  • 1013 Cake worth $1527.604 is stuck.
  • 127380 ENJ worth $37182.222 is stuck.
  • 3580 MASK worth $12300.88 is stuck.
  • 72693336 HOT worth $90648.58999200001 is stuck.
  • 19 YFI worth $121160.34 is stuck.
  • 413248 BAT worth $84095.968 is stuck.
  • 464 GNO worth $51921.600000000006 is stuck. As summary $129925441.04195106 is stuck.

In the coming days I will improve the script to further clarify where exactly the lost tokens are and provide the details about the top lost tokens and top “token trap” contracts.

Our examination is ongoing and it will continue.

How is this a flaw of ERC-20 standard?

ERC-20 standard does not implement transaction handling. If you send ERC-20 tokens to a contract the contract is not notified and it can’t reject

It’s a user mistake, not a contract flaw

  1. It’s easily solvable and it’s still not solved. There is no point in letting users to lose all their life savings as a result of a mistake that could be predicted and easily prevented.
  2. Ether transfers prevent such mistakes. Ether transaction design is thoroughly thought.

Do other tokens standards solve this?

  • ERC-223 solves this
  • ERC-721 solves this for NFTs
  • ERC-777 does not solve this and inherits ERC-20 transacting patterns
  • ERC-1155 does not solve this and inherits ERC-20 transacting patterns
  • ERC-1363 does not solve this and inherits ERC-20 transacting patterns

$130M is not much

If the developers of a hacked DeFi platform would respond “Ah, our exchange was hacked but only $130M were stolen, it’s not that much to fix the bug” they would look quite odd.

This is an unpatched security flaw that can result in a loss of $30Billions worth of tokens tomorrow. Nothing prevents it.

What can I do?

  • If you are a user - be careful and beware of this issue.
  • If you are a developer - use safer token standards or at least apply restrictions on ERC-20 transfer function.
  • If you are a developer of a service that works with tokens then you must implement a ERC20Rescue function that would allow you to extract the stuck tokens and refund the users.

Here is an example of the ERC20Rescue function