ERC20 token standard critical problems.
I want to publish it here because my article about the problem was deleted from the Ethereum reddit.
This is a description of issues with the ERC20 token standard, which is used for almost all Ethereum ICOs. Every ERC20 token is affected.
ERC20 tokens have two critical issues that are already causing money losses. They are:
1. Lack of transaction handling.
There are two ways of performing a transaction in ERC20 tokens:
1. `transfer` function.
2. `approve` + `transferFrom` mechanism.
Event handling is a standard practice in programming (an Ethereum transaction should be considered an event): https://en.wikipedia.org/wiki/Event_(computing)
Unfortunately, the ERC20 token standard lacks an event (transaction) handling mechanism entirely.
The `transfer` function will not notify the recipient that a transaction happened. The recipient will not be able to recognize the incoming transaction! I wrote this illustration of the process that leads to unhandled transactions and, as a result, stuck tokens and lost money.
A token balance is just a variable inside the token contract.
A token transaction is a change in the internal variables of the contract (the `balance` of the sender is decreased and the `balance` of the recipient is increased).
As a result, if the recipient is a contract, users must transfer their tokens using the `approve` + `transferFrom` mechanism, and if the recipient is an externally owned account address, users must transfer their tokens via the `transfer` function. If a user makes a mistake and chooses the wrong function, the tokens will get stuck inside the contract (the contract will not recognize the transaction). There will be no way to extract the stuck tokens.
Do any ERC20 token developers believe that users will never make such mistakes when developing their tokens?
At least $400 000 has already been lost because of these mistakes.
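A minimal sketch of the situation described above, added here as an illustration and not code from the original post. `MiniToken`, `Vault` and `untracked` are hypothetical names, and the token implements only the three functions discussed, without the rest of the standard.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
// Minimal ERC20-style token (constructed for illustration): balances are just storage.
contract MiniToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    constructor(uint256 supply) { balanceOf[msg.sender] = supply; }
    // Changes two storage values; no code at `to` is called, so a contract is not notified.
    function transfer(address to, uint256 value) external returns (bool) {
        balanceOf[msg.sender] -= value; // 0.8+ reverts on underflow
        balanceOf[to] += value;
        return true;
    }
    function approve(address spender, uint256 value) external returns (bool) {
        allowance[msg.sender][spender] = value;
        return true;
    }
    function transferFrom(address from, address to, uint256 value) external returns (bool) {
        allowance[from][msg.sender] -= value;
        balanceOf[from] -= value;
        balanceOf[to] += value;
        return true;
    }
}

// Hypothetical recipient: it only records a deposit when its own deposit() runs.
contract Vault {
    MiniToken public immutable token;
    mapping(address => uint256) public credited;
    uint256 public totalCredited;
    constructor(MiniToken t) { token = t; }
    // approve + transferFrom path: the vault pulls the tokens and records them.
    function deposit(uint256 value) external {
        require(token.transferFrom(msg.sender, address(this), value), "pull failed");
        credited[msg.sender] += value;
        totalCredited += value;
    }
    // Only recorded amounts can leave; there is no other exit for tokens.
    function withdraw(uint256 value) external {
        credited[msg.sender] -= value;
        totalCredited -= value;
        require(token.transfer(msg.sender, value), "send failed");
    }
    // Tokens sent with token.transfer(vault, n): held by the vault, credited to no one.
    function untracked() external view returns (uint256) {
        return token.balanceOf(address(this)) - totalCredited;
    }
}
```

If a holder calls `token.transfer(address(vault), 100)` instead of `approve` followed by `vault.deposit(100)`, the vault's token balance rises by 100 while `credited` stays unchanged, so `withdraw` can never release those tokens. `untracked()` reports exactly that difference, which is a check an operator can run against a deployed recipient contract.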
2. The `approve` + `transferFrom` mechanism is potentially insecure. Re-approval attack.
The `approve` + `transferFrom` mechanism allows double spends.
This is not relevant unless it becomes possible to create custom token exchanges like the Bancor token changer.
A possible attack is described here.