Loopring and SECBIT Labs have partnered to maintain a repository called awesome-buggy-erc20-tokens to collect and categorize many issues related to Ethereum ERC20 tokens.

ERC20 standard is one of the most popular Ethereum token standards since its birth on November 19, 2015 [1]. As of June 20, 2018, more than 90,000 ERC20 token smart contracts have been deployed according to the data from Etherscan. Here is a daily trend chart of ERC20 contracts created according to our statistics:

Of all contracts deployed on Ethereum, a huge part is designed for tokens and never could we overestimate their value [1]. However, BEC incident [2] set off a chain reaction of revealing more and more vulnerabilities and incompatible issues in contracts during past months. For now, reports and analysis on smart contract security issues contribute little to development and application as they are disorganized. The community is in need of a comprehensive solution to summarizing issues in contracts. Thus, SECBIT along with Loopring teams worked together for a list of Token contract risks after analyzing recent contract issues and numerous snippets of smart contract source code.

Due to the growing number of contracts deployed on Ethereum, more problems with greater complexities are yet to come. Therefore, we call for more teams and experts in blockchain to help us maintain this list of Token contract risks.

Summary of Issues in ERC20 Token Contracts

A Retrospect of ERC20 Token Incidents

ERC20 Token specification has gone through challenges and improvements since its growth. Lots of critical security issues have been revealed, some of which have led to severe financial losses for developers, investors, and even the Ethereum community as well, such as:

  • On June 18, 2016, the DAO hack caused a total loss of over 3,600,000 ethers (ETH) and the forced Ethereum hard-fork afterward led to the Ethereum community breaking apart [3].
  • On April 22, 2018, the attack on BeautyChain (BEC) contract hardly decreased the token price to zero through an integer overflow. We have found at least 10 other contracts with this problem.
  • On April 25, 2018, a similar integer overflow got uncovered in SMT. Hackers minted and dumped a tremendous amount of tokens, resulting in SMT’s collapse [4].
  • On May 20, 2018, another integer overflow problem was found in EDU along with other three Token contracts, which caused anyone could transfer out other accounts’ balances [5].
  • On June 12, 2018, a series of overflow bug in ERC20 smart contracts got uncovered (CVE-2018–11687, CVE-2018–11809, CVE-2018–11810, CVE-2018–11811, CVE-2018–11812). More than 800 contracts got affected according an incomplete statistics [6].

Failure of Satisfying Specification in Many ERC20 Contracts

Lots of ERC20 token contracts do not follow the ERC20 standard strictly, which is troublesome to developers of DApps on ERC20 tokens. After analyzing top 20 contracts, a famous DApp team warned the community of many nonstandard implementations in Token contracts [9] to help to avoid security issues in advance, especially for DApp beginners.

Nearly a third of the time developing Bskt was spent auditing external dependencies. We highly encourage other Ethereum dev teams to be aware of the dangers in external dependencies. Unlike software development in most systems, it’s critical to read the implementation of deployed contracts you depend on — not just the interface.

We also noticed that many deployed Token contracts once referred to nonstandard example code by Ethereum official website (fixed now) and OpenZeppelin (52120a8c42 [March 21, 2017] ~ 6331dd125d [July 13, 2017]). After upgrading Solidity compiler to 0.4.22, serious incompatibilities would arise in these contracts and they would have difficulty docking decentralized exchanges (e.g. DEX) and other dApps [7]. According to incomplete statistics, over 2,000 contracts have this issue.

Several Token contracts added redundant checks in standard approve(), causing many dApps (e.g. DEX) employing contracts like 0x being not able to perform approve() normally. The token developing team has to transfer a huge amount of tokens to the exchange’s intermediate account ahead, which troubles dApps and exchanges [8]. This issue resides in some 17 contracts.

Several querying functions like name(), symbol() and decimals() are defined as optional by ERC20 specification, so many Token contracts left them out or named them differently, such as NAME(), SYMBOL() and DECIMALS(), making them harder to be used by an external contract. More than 3000 contracts are troubled by this problem.

Another point worth mentioning is that two events — Transfer and Approval should get fired under certain circumstances as described by ERC20 specification. However, a reference implementation on the official Ethereum website missed Approval in certain cases (which has been fixed). Consequently, many token implementations which referred to this incorrect ‘official’ implementation suffered from the same issue.

Classifications of Issues

We have analyzed issues in over 10,000 ERC20 Token contracts and uploaded all data to GitHub repository: awesome-buggy-erc20-tokens.

All types of ERC20 Token issues (28 in total) are categorized into 3 general classes: Implementation Bugs (A), Nonstandard Functions(B), Excessive Authorities ©.

  • Implementation bugs cover all code & logic implementation vulnerabilities, e.g. integer overflow
  • Nonstandard functions consist of all version and external call incompatibilities caused by failing to meet with ERC20 standard, e.g. no return in an ERC20 interface
  • Excessive authorities include all risks resulted from improper authority allocation, e.g. set ownerby anyone

Here is an issue list:

The article, ERC20tokenissue_list.md, in the awesome-buggy-erc20-tokens repository describes every issue in detail.

Usage of The Risk List

  • Token contract developers: This list offers a detailed description of issues and lists of relevant contracts. We hope to notify ERC20 Token contract developers of security and help them get rid of past pitfalls.
  • DApp project team: DApps on Ethereum may dock multiple ERC20 Token contracts. DApp project team could refer to detailed info of deployed buggy contracts for issues, thus avoiding trouble due to bugs or incompatibilities in Token contracts.
  • Other participants in the ecosystem: This list collects numerous risks in ERC20 Token contracts along with info & problem details of top 672 Token contracts. You may search this repository for buggy contracts and learn risks in deployed Token contracts.

Content of The Risk List

‘awesome-buggy-erc20-tokens’ repository includes issues among over 10,000 ERC20 Token contracts. It can be divided into 3 parts: Contract Info, Buggy Token Contract List, Summary of Issues.

1. Contract Info

  • Contract Info List — contracts collected in the repository, also the source of all buggy contracts.
  • Detailed Contract Info List — detailed Token info from CoinMarket (a total of 672), consisting of ranking, name, symbol, totalSupply, decimals and exchanges.

2. Buggy Token List

These lists are in JSON and CSV format for spreadsheet importing and script analyzing

3. Summary of Issues

  • List of Issues — a total of 28 issue types along with detailed info: description, problematic implementation, recommended implementation, buggy contracts and links.

Take ‘batchTransfer-overflow’ as an example:

batchTransfer-overflow

Disclaimers

  1. All info in this list comes from public websites including Ethereum blockchain, etherscan.io, coinmarketcap.io, and others.
  2. All issues in this list have already been revealed publicly, and do not include unpublished issues.
  3. Please refer to the address if you find duplicate Token names; Token names are only intended for reference and they might be identical to some famous projects. Please do not over-decipher this.
  4. Please submit a pull request or inform us if you find any inaccuracy in this list.

An Open Source Effort

SECBIT Labs will maintain the awesome-buggy-erc20-tokens repository continuously with info support by Loopring team. We welcome your cooperations on this project for building a better Ethereum ecosystem. Participation Guide:

  • Submit addresses of buggy ERC20 Token contracts not listed in the repository;
  • Submit new issues in ERC20 Token contracts;
  • Submit advice for improvement or join our discussion.

We call for cooperations of developing a more-friendly frontend query page. If you have any questions or ideas, please join our discussion on https://gitter.im/sec-bit/Lobby.

About Us

Loopring and SECBIT will work together to contribute to a secure and reliable Ethereum ecosystem. Loopring will further partner with SECBIT to review and audit all ERC20 tokens before enabling them for trading by the Loopring Protocol. For details, please visit https://loopring.org.

Acknowledgments

Special thanks to DEx.top team for an early discussion on list editing & Jian Ye, Zongmin Yu, Yuhui Wu(Qingxin Tech), Yi Tang(ConsenSys China) along with other experts’ suggestions on the content.

Reference

Author: Yu Guo, Founder of SECBIT Lab. Proofread by Daniel Wang, Founder of Loopring Foundation. For more information regarding the project, please contact info@secbit.io.

Note that this post is not eligible for the translation bounty.


For more up-to-date information, join us on social media:
⭑ Twitter: twitter.com/loopring.org
⭑ Reddit: reddit.com/r/loopringorg
⭑ Telegram: t.me/loopring_en
⭑ Telegram: t.me/loopringfans (Chinese)