-
Notifications
You must be signed in to change notification settings - Fork 5.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC1003 Token Standard (ERC20 Extension) #1003
Comments
You are transferring tokens to the tokens contract. I'm not sure that's a great idea. Also, if you want the receiver contract to get the tokens from the token contract you need to approve the amount first (before the .call(_data)). The receiving functions need to be payable as well if you intend to transfer value (eth). |
@mad2sm0key thanks! Forgot to add this code, this was code from my mind. |
@mad2sm0key think of it as of everyone is spending only it’s own tokens. And you will see, this idea will solve ERC827 |
@k06a The updated code makes more sense now. However, your example depositToken can be used to deposit tokens for any account. There is no authentication. Maybe one is not needed in your particular case. That's pretty much the same as in ERC827. You can't really know who the actual sender is. |
@mad2sm0key the |
Hey @spalladino @shrugs @facuspagnuolo what do you think? |
@k06a How much gas does this use ? Oh, and the surrender is a nice idea. |
!!!NOT VALID ANYMORE, IMPLEMENTATION CHANGED COMPLETELY!!!ERC827 and ERC1003 gas comparisonhttps://gist.github.com/k06a/e3fb2b2b4cfed193338193f88d5dc376 ERC827
ERC1003 without surrender
ERC1003 with surrender
|
While this might solve some issues with #827, it's vulnerable the same way #827 is, so I'd suggest putting a big warning "This standard is still a draft and is proven to be unsafe to be used" (copied from #827) at the top of this issue and closing it. |
@mg6maciej ok, but why to close this issue? |
Unless you want to actively work on making it secure (maybe together with @AugustoL, author of #827), it's better if less eyes see it. Open issues are just a bit easier to browse though. Closed issue is also a warning sign. See #821, which was an alternative to #721 before they joined forces. Maybe @AnthonyAkentiev from Thetta/Thetta-DAO-Framework would not reference this and #827 if they were both closed before. |
One more try:
|
Or even shorter version of
|
Updated theme message |
It seems ERC1003 will work for ERC721 |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
This standard is still a draft and is proven to be unsafe to be used
Simple Summary
An extension of the standard interface ERC20 for tokens with method that allows safely pass and handle tokens into smart contracts.
Abstract
I propose to move tokens from spender to destination contract over fake
caller
, which will bemsg.sender
.Also this standard protects from ERC20 stealing, example:
In case of separate calls for ERC20:
approve
anddepositTokenCanBeStolen
tokens of the stranger can be used for the task he doesn't wanna support. Someoneapproves
tokens, and another person can spend it, that's why usually developers usetx.origin
– but this prevents tx chain length scaling.ERC827 comparison
msg.sender
tells that_spender
pays, you can check it only usingtx.origin
.msg.sender
pays himself for_beneficiary
, nothing to worry about.Token
ERC20 Methods
All usual ERC20 methods.
ERC1003 Methods
transferToContract - ERC1003
Implementation example:
Example of smart contract, compatible with both ERC20 and ERC1003 :
Also can deposit all
allowed
tokens:The only mandatory argument is
_beneficiary
.The text was updated successfully, but these errors were encountered: