(1/10) The imBTC/Uniswap hack took advantage of the ERC777 standard, now I'm seeing many people saying that ERC777 is inherently bad or unsafe.

ERC20 is safer than ERC777 in the same way that Bitcoin is safer than Ethereum. It's safe because it's limited.

Here's some thoughts:
(2/12) First of all, for anyone that isn't familiar with ERC-777, you can think of it as ERC-20 2.0. It's a token standard that's backwards compatible with ERC-20, but adds some new features.

eips.ethereum.org/EIPS/eip-777
(3/12) The ERC-20 standard was written in 2015. It's very simple, which has helped it become so popular.

However, it's very "underpowered" for a system that's trying to create "programmable money". Many of Ethereum's UX problems come from limitations of the ERC-20 standard.
(4/12) ERC20's biggest issue is this whole "approve & pull" flow for using tokens

If I want to use Uniswap to convert ETH to Dai, I basically just send some ETH and get Dai

But if I want to swap Dai to ETH, I have to make 1 tx to approve infinite Dai, then another TX to swap it
(5/12) This issue is because there's no such thing as "payable functions" in ERC20.

Contracts can execute code when they receive ETH, but not when they receive tokens.

ERC777 adds "hooks", which are basically payable functions for tokens.
(6/12) This fixes many UX issues. Dapps don't require allowances and double-txs.

You could even use many dapps by just sending tokens, instead of needing Metamask.

Imagine sending Dai to compound.eth and getting cDai. Then withdraw it by sending cDai back to compound.eth.
(7/12) There's over $100,000 worth of USDC locked forever in the USDC contract.

People made a mistake and sent their USDC to the token contract, instead of to their recipient.

With ERC777, the contract could have rejected those transactions and kept people from losing money.
(8/12) ERC777 + contract wallets would remove the issue of "spam tokens", since wallets could reject unwanted tokens.
(9/12) There's lots of other cool features (data fields, operators), but let's skip to the security issues.
(10/12) These hooks in ERC777 open up the issue of reentrancy attacks. This isn't a new attack vector; reentrancy caused the famous DAO hack.

What's new is this attack is possible with tokens. Developers assume ETH transfers are vulnerable, but token transfers are safe.
(11/12) There are multiple ways this can be fixed. The Consensys audit suggests using a Mutex. You can limit the gas allowance for the transfer function (similar to the ETH transfer function in Solidity).

Uniswap V2 has already patched this issue:

(12/12) TLDR: ERC777 is awesome, and I wish more tokens used it.

It does open up a vulnerability, but it's a vulnerability that Ethereum developers have been handling for years.

Don't write off a good piece of technology just because one contract got hacked.
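As an added illustration (not code from the thread, Uniswap, or the Consensys audit), here is the reentrancy pattern that ERC777 hooks enable in a hypothetical vault contract, beside a version that applies the mutex fix the audit suggests together with checks-effects-interactions. The IERC777 interface is trimmed to the one function used, and share crediting is omitted.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Reduced ERC777 surface (assumption: only send() is needed here).
interface IERC777 {
    function send(address to, uint256 amount, bytes calldata data) external;
}

// Vulnerable pattern: send() fires the recipient's tokensReceived hook
// BEFORE the vault reduces the caller's share balance, so a contract
// recipient can re-enter withdraw() against the same stale balance.
// (Hypothetical contract, written for this example.)
contract VulnerableVault {
    IERC777 public immutable token;
    mapping(address => uint256) public shares;

    constructor(IERC777 _token) { token = _token; }

    function withdraw(uint256 amount) external {
        require(shares[msg.sender] >= amount, "insufficient shares");
        token.send(msg.sender, amount, "");   // external call + hook
        shares[msg.sender] -= amount;         // effect applied too late
    }
}

// Hardened version: a mutex rejects any re-entry while a withdraw is
// in flight, and checks-effects-interactions makes the balance final
// before the hook can observe it.
contract GuardedVault {
    IERC777 public immutable token;
    mapping(address => uint256) public shares;
    bool private locked;

    constructor(IERC777 _token) { token = _token; }

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function withdraw(uint256 amount) external nonReentrant {
        require(shares[msg.sender] >= amount, "insufficient shares");
        shares[msg.sender] -= amount;         // effect first
        token.send(msg.sender, amount, "");   // interaction last
    }
}
```

The same ordering bug exists with plain ERC20 if the recipient can run code on receipt; ERC777 just makes that the default for any registered contract recipient, which is why the thread treats token transfers as untrusted calls.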
Thread by David Mihal