Almost everybody in this space has heard the term Token, and the majority have heard the term ERC-20 Token, but I would wager that few really understand what they are, and how they differ from the main asset in the Ethereum network, i.e. Ether.
Just to be clear, a token is an asset that is created on top of an existing blockchain network. This is as opposed to what we would generically call a "coin", which is the actual asset whose rules for creation, transferring, and usage are governed by the code that runs the blockchain network itself. On the Ethereum network, things like USDC, Shiba Inu (SHIB), or Polygon (MATIC) are tokens, and Ether is what is commonly referred to as the "coin".
What do I mean when I say that tokens are created on top of the existing network? That's where ERC-20 comes in. ERC is an acronym meaning "Ethereum Request for Comments". For those of you familiar with networking, the internet is full of protocols that are defined by documents called RFCs, or Request for Comments. The name is not particularly good at helping understand what an ERC or RFC actually is. To put it plainly, it's a document that defines a set of rules for some kind of protocol or interaction between nodes on a network, and these rules are debated upon by the community before they come to a consensus. Hence the "request for comments" part. ERC-20 is the document that lays out a set of agreed upon rules for what a Token on the Ethereum network should be, and how users of the network can use it.
If you want to read the actual standard (it's pretty short), you can do so here: https://ethereum.org/en/developers/docs/standards/tokens/erc-20/
Ok, now here's the part you probably didn't know. An ERC-20 token on Ethereum (the same goes for any other blockchain network I can think of that has tokens) is actually just a smart contract. There is a single contract that is deployed that (hopefully) correctly implements the ERC-20 standard. It's a very simple contract, and pretty much all it does is maintain a mapping of all Ethereum addresses to their respective balances, keep track of the current total number of tokens minted, and provide functions that can be called to transfer the token, approve others to transfer the token, and a couple of other helper functions to do things like get the balance of another address.
Now, here's the important part. When you receive an ERC-20 token, those tokens are not actually "in" your wallet. Literally all that happened is that the single data structure that is part of this smart contract was updated to increase your balance and decrease the sender's. This is all being managed by code inside a smart contract that could have been deployed by anybody. There is absolutely no guarantee that the code for the smart contract for a given ERC-20 token does the same thing as other ERC-20 token contracts, implements the standard correctly, or is free of malicious code and/or backdoors. When you interact with any ERC-20 token, you are interacting with code that is unique to that token, and it can do things you might not expect.
This is important to understand, because a lot of people believe that all ERC-20 tokens are essentially equal in terms of how you use them, and that once you have them in your wallet, you're safe as long as you don't touch them. This is a bad assumption to make. It is extremely easy for someone to make an ERC-20 token that has a built-in backdoor that would allow them to take the tokens from anybody else at any point. It's also possible to fool people into thinking the smart contract is safe by releasing source code that doesn't actually match the code that was deployed with the smart contract. This is a thing that happens; it's not just some crazy conspiracy theory idea. People have even gotten source code audited professionally so they could appear legitimate, but then when they deploy it, it doesn't match the code that was audited. Since the only truly visible part of a deployed smart contract is bytecode (and not human-readable Solidity code), it can be hard to tell if small parts of the code have been tweaked to allow for malicious interaction with the contract.
Keep this in mind when using ERC-20 tokens in the future. Do not make bad assumptions.
Bonus PSA: NFTs are ALSO just tokens governed by smart contracts that (hopefully) implement the ERC-721 standard. They, too, can contain backdoors to yoink the NFT out from under you any time the creator wants. You do not actually own these assets. There is simply a variable that lists you as the current owner in the smart contract, which can be modified by other functions in the contract.
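
The mismatch between published or audited source and deployed code described above can be checked by comparing bytecode. The following is an added example, not part of the original post: it assumes you already have the deployed runtime bytecode (for instance from the `eth_getCode` JSON-RPC call) and the runtime bytecode you compiled yourself from the audited source. All function names and byte strings are constructed for illustration.

```python
# Added example: compare deployed runtime bytecode with an audited build.
# All byte strings below are constructed sample data, not a real contract.

def split_metadata(runtime: bytes) -> tuple[bytes, bytes]:
    """Split solc runtime bytecode into (executable code, CBOR metadata).

    solc appends a CBOR map followed by its length as 2 big-endian bytes.
    """
    if len(runtime) < 3:
        return runtime, b""
    n = int.from_bytes(runtime[-2:], "big")
    if n == 0 or n + 2 > len(runtime):
        return runtime, b""
    meta = runtime[-(n + 2):-2]
    if not 0xA0 <= meta[0] <= 0xBF:  # CBOR major type 5 (map) header
        return runtime, b""
    return runtime[:-(n + 2)], meta

def first_diff(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare_bytecode(deployed_hex: str, audited_hex: str):
    """Return (verdict, offset): 'exact', 'code-match' or 'mismatch'."""
    deployed = bytes.fromhex(deployed_hex.removeprefix("0x"))
    audited = bytes.fromhex(audited_hex.removeprefix("0x"))
    if deployed == audited:
        return "exact", None
    d_code, a_code = split_metadata(deployed)[0], split_metadata(audited)[0]
    if d_code == a_code:
        return "code-match", None  # only the metadata trailer differs
    # Caveat: immutables and linked library addresses also change code bytes.
    return "mismatch", first_diff(d_code, a_code)

def with_meta(code: bytes, solc_version: bytes) -> str:
    """Build sample runtime hex: code + CBOR {"solc": version} + length."""
    meta = b"\xa1\x64solc\x43" + solc_version
    return (code + meta + len(meta).to_bytes(2, "big")).hex()

CODE = bytes.fromhex("6080604052348015600f57600080fd5b50")  # constructed
AUDITED = with_meta(CODE, b"\x00\x08\x14")
REBUILT = with_meta(CODE, b"\x00\x08\x15")  # same code, different metadata
TAMPERED = with_meta(CODE[:9] + b"\x10" + CODE[10:], b"\x00\x08\x14")

if __name__ == "__main__":
    for name, sample in [("audited", AUDITED), ("rebuilt", REBUILT), ("tampered", TAMPERED)]:
        print(name, compare_bytecode("0x" + sample, AUDITED))
```

A `mismatch` verdict with an offset tells you where to start disassembling; a `code-match` means the executable part is identical and only the compiler's metadata trailer differs.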