Share this page!

๐Ÿฎ Mikko Ohtamaa Profile picture
Twitter logo
28 Jan, 20 tweets, 7 min read
1/ ERC-20 token standard approve() has caused an unnecessary cost of $53.8M for #Ethereum and #DeFi users

This is bad. Continue reading why and how to avoid this in the future.

๐Ÿ‘‡๐Ÿ‘‡๐Ÿ‘‡
2/ Before you go all rage on the flaws of my analysis, please read the whole Twitter thread for disclaimers and caveats.
3/ approve() is an unnecessary step of ERC-20 tokens when they interact with smart contracts.

You know this because when you do a Uniswap trade you need press two transaction buttons instead of one.
4/ Why there is approve() - you can read the history in this Twitter thread

5/ I queried all approve() transactions on Google BigQuery public dataset and calculated their ETH cost and then converted this to the USD with the current ETH price.
6/ These queries were made possible to awesome @EthereumETL team. They have created Google BigQuery dataset from real-time blockchain data. You can query over terabytes of Ethereum data FOR FREE.
7/ Here are instructions on how to execute your own queries:

medium.com/google-cloud/hโ€ฆ

(But links are outdated because Google Cloud has new UI)
8/ Total transaction on #Ethereum blockchain: 989,461,092

Woo! One billion transactions will be done in a few days!
9/ Total ERC-20 transfers(): 304,382,558

Includes only Externally Owned Accounts, EOAs.
10/ Total ERC-20 approves(): 14,921,106

Includes only Externally Owned Accounts, EOAs.
11/ The gas cost ERC-20 approves():

41327.870139658684 ETH
12/ Here is my query

gist.github.com/miohtama/02a72โ€ฆ
13/ You can query Ethereum transactions that call a particular smart contract function by the 4-byte signature of the function that is 1st parameter of tx data field.
14/ Binary function signatures are 4-bytes keccak256() hash of the @solidity_lang signature string. Here is an example:
15/ If you are a @solidity_lang or Vyper developer, consider ditching ERC-20 and include alternative token standard in your next token.

Alternatives for ERC-20 include:

ERC-777
ERC-667
ERC-827
ERC-223
(did I miss any?)
16/ Most of the new token standards, like ERC-777 are backwards compatible and work with ERC-20 enabled centralised exchanges.

Centralised exchanges do not need to do anything to support these new, better, token standards that make smart contract and #DeFi interactions safer.
17/ Or let's put it this way...

Every time someone creates a new ERC-20 token, hundreds of thousands of dollars die.

Let's actively demanding non-ERC 20 tokens from developers.

And if that does not work I suggest we start punching ERC-20 developers to face over the internet
18/ Newer token standards may "increase the attack surface", but in practice, this has not been a problem for high-quality #DeFi projects since 2018 or so.
18/ Note that raw approve() cost calculation comparison to newer token standard is not 1:1.

Newer token standards need some similar mechanism to pass user data as the part of the transaction, but this cost is lower compared to additional approve() tx.

Prove me wrong.
19/ FIN

CC @dmihal @FrancescoRenziA @abcoathup

Now I am going to climb the mountain, get fresh air and visit monkies

โ€ข โ€ข โ€ข

Missing some Tweet in this thread? You can try to force a refresh
ใ€€

Keep Current with ๐Ÿฎ Mikko Ohtamaa

๐Ÿฎ Mikko Ohtamaa Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @moo9000

๐Ÿฎ Mikko Ohtamaa Profile picture
27 Jan
1/ Welcome to #DeFi Wednesday.

Let's talk about how interest-bearing cash on a blockchain is going to revolutionise boring corporate treasury management that concerns every company is is a larger business than all crypto trading in the world.

Enter the thread

๐Ÿ‘‡๐Ÿ‘‡๐Ÿ‘‡
2/ Blockchain community is often seen as toxic maxis and redditors who shill other their weekly favourite shitcoin in the hope of getting Lambo.

Sometimes we also do things that progress humanity towards the better future and interest-bearing cash is one of those things.
3/ Less chad and more things that actually matter:

My incomplete theory of interest-bearing cash is also available also as a blog post:

capitalgram.com/posts/interestโ€ฆ

It is 15 pages. Pick your slow poison or die fast by continue reading here.
Read 58 tweets
๐Ÿฎ Mikko Ohtamaa Profile picture
15 Dec 20
1/ Here is my totally unscientific poll - what would happen to #Bitcoin if the US potentially starts to break up now when Trump, Proud Boys, Texas and others do not accept the election result?
2/ Bitcoin strives in chaos and anarchy. Having the US fall into chaos and anarchy would both weaken the dollar and strengthen the #bitcoin
3/ Thus, I suggest for all my friends on Twitter that they start to retweet Donald and associate themselves with any of these groups that seek to secend. Let's make some mayhem.
Read 4 tweets
๐Ÿฎ Mikko Ohtamaa Profile picture
14 Dec 20
This is why a dedicated laptop is better than a hardware wallet for #ethereum operations security.

The laptop does not need to be airgapped, it is enough you do not use it for other activities and do not install any software in it.
Hardware wallets do not usualy have a way to show enough human-readable metadata to allow to identify if the transaction is good.

- Verified token name on Etherscan
- If you have transacted with this address before
- The amount of tokens to be transferred
Hardware wallets are good for "dumb" coins like #Bitcoin, but their user experience, and thus the real security including human mistakes, is not in fact that good. It is impossible to verify from a hex dump WTF you are signing.
Read 4 tweets
๐Ÿฎ Mikko Ohtamaa Profile picture
27 Oct 20
1/ In the series of "Let's explore #Ethereum killers Tuesday" we have NEAR blockchain or @NEARProtocol in Twitter

If you are a smart contract dev or blockchain investor you will find this thread interesting.

๐Ÿ‘‡๐Ÿ‘‡๐Ÿ‘‡
2/ I participated in an online hackathon sponsored by NEAR: "Hack the rainbow".

This was around NEAR's Rainbow bridge product that allows tokens to move forth and back between NEAR and Ethereum blockchains.

gitcoin.co/hackathon/hackโ€ฆ
3/ The good

๐Ÿ‘‡๐Ÿ‘‡๐Ÿ‘‡

NEAR project started back in 2018 as "decentralised platform", aim to be the developer-friendly blockchain solution. However, it was not until 2019 when the project evolved a full blockchain and things became more interesting.
Read 49 tweets
๐Ÿฎ Mikko Ohtamaa Profile picture
9 Sep 20
1/ Your daily dose of $SUSHI ๐Ÿฃ๐Ÿฃ๐Ÿฃ

Because what else a #defi degens would needle in their veins on a Wednesday morning.

INCLUDES MIGRATION AND PENDING VOTING RESULTS

๐Ÿ‘‡๐Ÿ‘‡๐Ÿ‘‡
2/ The first and the last of $SUSHI dev fund and deployment multi-signature wallet voting is almost at its end.

Six hours to go, but voting is trickling down.
3/ 6 out of 9 members of this upcoming wallet can confirm transactions as Sushi the unregistered organisation
Read 18 tweets
๐Ÿฎ Mikko Ohtamaa Profile picture
7 Sep 20
1/ THE SAGA OF SUSHI ๐Ÿฃ๐Ÿฃ๐Ÿฃ

Things that went right and wrong in $SUSHI.

Enter the thread ๐Ÿ‘‡
2/ With Sushi" I mean commentators, farmers, traders, exchanges and all controversial characters in the saga. You.

There are only controversial characters on this one.
3/ There are no good guys.

Users were greedy - they though 1500% APY can be sustained.

Exchanges were greedy - Binance listed $SUSHI in 2 days when it usually takes months for a good project.
Read 47 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @moo9000 has new unrolls!

Check out other threads from @moo9000!

Read all threads by @moo9000