ERC-20 is the most prominent Ethereum standard for fungible tokens. Tokens
implementing the ERC-20 interface can interoperate with a large number of
already deployed internet-based services and Ethereum-based smart contracts. In
recent years, security vulnerabilities in ERC-20 have received special
attention due to their widespread use and increased value. We systemize these
vulnerabilities and their applicability to ERC-20 tokens, which has not been
done before. Next, we use our domain expertise to provide a new implementation
of the ERC-20 interface that is freely available in Vyper and Solidity, and has
enhanced security properties and stronger compliance with best practices
compared to the sole surviving reference implementation (from OpenZeppelin) in
the ERC-20 specification. Finally, we use our implementation to study the
effectiveness of seven static analysis tools, designed for general smart
contracts, for identifying ERC-20 specific vulnerabilities. We find large
inconsistencies across the tools and a high number of false positives which
shows there is room for further improvement of these tools.

By admin