The end of summer is a great time to set personal goals, to soak in the final days of sunshine and to reminisce about the summer’s major events, like the promise made by Jordi Baylina, Jacques Dafflon and Thomas Shababi to introduce the ready-made ERC-777 token community standard, which is intended to replace the world’s most popular token standard, the ERC-20. The promise was made by Baylina on July 20 at the DappCon forum in Berlin, where important initiatives, tools and updates related to the Ethereum blockchain are traditionally discussed. The developer stated that the ERC-777 was ready to be launched and would be made fully available in August.
However, August has now come and gone, with the development team seemingly keeping silent — or possibly preparing a surprise — around the latest attempt to create a new standard on Ethereum blockchain. While no updates related to ERC-777 have appeared on GitHub since July, a Twitter post made by Baylina last week may give us a little clue about the upcoming release. And his teammate Jacques Dafflon put us even closer to ERC-777, though we still know nothing about the exact date of its release:
We had more work and more feedback than anticipated and I had to focus on my thesis which delayed the work on the actual standard. I have to clarify a couple things in the standard and update the reference implementation. We hope to move ERC777 to last call soon as well.
— Jacques Dafflon (@jacquesdafflon) September 19, 2018
For now, let’s go back in time to better understand the background of such an initiative.
Why was it necessary to change the most popular token standard in the world, which has served as the basis for more than 60,000 projects — including EOS, with a capitalization of more than $4.5 billion — and for the tokens of one of the world’s largest crypto exchange, aka Binance? In order to answer this question, it is necessary to compare both existing and new standards, and then assess the risks of their application.
While Bitcoin is considered the most popular cryptocurrency in the world, Ethereum is not only the second most popular cryptocurrency, but also the blockchain that led to a boom in crypto markets during 2016-2017. If there were no Ethereum platform, there would never have been the phrase “to the moon”, which turned cryptocurrency from entertainment for geeks to a new tool for classical investors and millions of ordinary people in a matter of months.
The main merits of the Ethereum blockchain include that the process of developing an application is extremely simple and the procedure for issuing a token using a smart contract goes off without the slightest hitch. Now, creating a token — that is, issuing a new crypto — can be done by anyone in one minute. This ease led to the explosive ICO boom. Another tool that could further contribute to the development of the ICO market was a single standard for tokens — and thus appeared ERC-20.
The ERC-20 standard
Prior to standardization, Ethereum developers had to create a separate Solidity-based smart contract for each token. In fact, each time, it was necessary to create a new, unique type of smart contract. And the founders of an exchange or wallet had to write a unique code to support each new token. The more tokens that appeared, the more difficult this process became. In addition, tokens issued on unique smart contracts were poorly compatible with each other.
Before ERC-20 was created, Ethereum developers have created a single standard for all tokens — the ERC-20, where ERC means “Ethereum Request for Comment” and 20 is the number of the community request, which in this case is arbitrary.
The emergence of a single standard, which was released in 2015, revolutionized the crypto industry and became the central guideline, specifying which functions and events have to be implemented in a smart contract. Never before was the issuance, exchange and cash out of new currencies so simple.
The standard contains the six mandatory parameters of a smart contract and is responsible for three main directions:
1. Setting the initial distribution of tokens:
totalSupply — determines the maximum number of tokens, which upon reaching, the smart contract stops issuance.
balance0f — a function that assigns a primary number of tokens to any address.
2. Transferring tokens:
transfer — a function that moves tokens from the primary address to the address of the new owner following the results of an ICO.
“transferFrom” — a function that moves tokens between users.
3. Performing management functions:
“approve” — a function to check the availability of tokens for a smart contract.
“allowance” — a function to confirm that the address has enough tokens to initiate the transfer.
Once this standard was formulated, exchanges and wallets were able to unify their code in order to handle any tokens created with the ERC-20 protocol. The growth of future applications using ETH then skyrocketed, as was expected.
The challenges behind the ERC-20 standard
Developers of decentralized networks are programmers first and foremost, and then businessmen. Therefore, in decision making, one almost always follows formal logic. For example, some of developers might be not very concerned about a “51 percent attack” either because the coin itself depreciates or because the attack cost can exceed the profit received by a hacker. But it seems the organizers of such attacks have a completely different logic, which is proved by a big number of new attacks in 2018.
The next thing that the developers did not overlook was considering a token’s functionality to be necessary only for an ICO launch but not for any additional services. This proved not to be the case — some teams, even those far from programming, began to explore possibilities of blockchain. For example, this led to appearance of tokens created for fun, as was the case of the Useless token.
Other custom features could even damage users’ security. For example, some developers implemented the option of recharging exchange accounts through the simultaneous execution of the “approve” and “transferFrom” functions. The funds were written off from the sender’s account but were not credited to their exchange balance, since the functionality of the recipient’s smart contract as a deposit was not determined. The problem was that the Ethereum developers did not provide such an option for using this kind of transfer and did not prohibit it, and blockchain did not initially support the self-determination function of the contract. As a result, the owners of the cryptocurrency lost millions of dollars, disappearing into the network forever — as the money simply disappeared if the unfulfilled transaction was not immediately canceled by the sender.
This vulnerability was noticed by security auditor Dexaran, who subsequently developed the ERC-223 standard, in which the “tokenFallback” function was added — which is launched if the “transferFrom” function isn’t performed. Despite the invention, however, this new function, created by the anonymous programmer, hasn’t yet received widespread acceptance.
One more vulnerability has been detected by Lucas Cremer, a Solidity developer from Germany, in June, after Solidity update. It turned out that a significant percentage of ERC-20 tokens — which the author called “bad tokens” — behaved in yet another way regarding the return values of the transfer function. The transfer functions of these token contracts did not return anything. Indeed, among the affected tokens were those of Binance and OmiseGO. What one should be concerned about, Corner states, is that such assets could start behaving in an unpredictable way, and he warned that the bug needed to be fixed “as soon as possible.”
ERС-777: A Heavy Left-Hook Attack on ERC-20
Since tens of thousands of tokens, exchanges and wallets closely interact with ERC-20, its vulnerability is irremovable, — so the Ethereum developers have decided to issue a new standard with a name inspired by the lucky number 777.
EIP (Ethereum Improvement Proposals) on ERC-777 were published on Nov. 20, 2017 and received the community’s approval. However, in order to fully function, the new standard needed an auxiliary ERC-820 protocol, which set the principles for the formation of a single register of smart contracts. With the help of this centralized registry, the main problem of the Ethereum blockchain — the impossibility of determining the functions performed by the contract — was solved.
How does it work now? Any contracts with a description of the functions can be entered into the register once and for all; and, when executing a transaction, the blockchain can apply to the register to clarify the permissible actions. If a user attempts to perform an invalid operation with the tokens, they simply remain on the account and do not disappear.
At Berlin’s DappCon, Jodi Baylina and Jacques Dafflon explained the specifics of the new standard by using a new term — “hook” — to determine “functions that can be called during a transfer.” These functions operate in conjunction with the ERC-820 protocol to provide a simple type of a detailed introspection which is lacking in ERC-20. Thus, it becomes possible to check whether a token possesses concrete features in order to perform or decline the operation, making the smart contract even smarter. The new ERC-777 standard will fix the problem of a recipient’s tokens being lost when sent to a contract that doesn’t support the receiving or managing such assets. Because of such a bug, the Ethereum community has already lost millions of dollars. A big part of the funds appear to be trapped inside some of the top ICO projects contracts forever. Here are some of them:
However, protection against token loss as a result of incorrect transactions is not the only innovation of the new standard, which is aiming to further develop the blockchain.
For example, ERC-777 creators built in a ‘trusted operator’ function for the first time, which can transfer and burn tokens on behalf of the owner. This is achieved by executing the ‘authorizeOperator’ function and can be used, for example, to perform instant, automatic payments in ETH.
In addition, this standard allows you to check the address of the recipient for availability concerning ‘white’ or ‘black’ lists through the function ITokenRecipient. Additionally, the ‘hooks’ mentioned above make possible the monitoring of the behavior of a token, depending on the circumstances, which allow you to block certain addresses and perform a number of other actions — including the intervention by the sender and the receiver in the transaction process.
If you need additional details on ERC-777, you can consult the relevant thread on Ethereum’s GitHub.
A curtain call, number 20
The ERC-777 standard is backward compatible with ERC-20, and any project based on the previous version of the standard can be transferred to the new one without problems. We can assume that the exchanges and wallets, which work with the tokens of the previous standard, will react positively to the initiation of ERC-777 — which finally closes the legendary ‘hole’ in the Ethereum blockchain. In practice, this will mean simplifying the procedure for listing coins on the new standard, which could cause a new surge in activity in the crypto industry comparable to the wave of enthusiasm in 2016-2017.
In addition, the new standard significantly expands the functionality of the Ethereum blockchain system, which will attract the attention of developers. Rampant discussion of the new standard serves as the brightest evidence.
And finally, the ERC-777 standard contains completely redesigned functions and logic, which will avoid crosses with other tokens standards and confusion when executing smart contracts.
Speaking about the disadvantages of ERC-777, yes, there is one: It relies on a centralized register of smart contracts — which is not an ideal approach within the decentralized ideology of blockchain. This will require additional measures from the Ethereum developers to ensure the security of its registry.
A famous crypto YouTuber “Ivan on Tech” is sure that the success of ERC-777 is just a matter of time, even despite the fact that the Ethereum Foundation might be slow in writing off ERC-20 entirely:
“Going forward, [the] Ethereum Foundation really [needs to get] behind ERC-777, and it could replace ERC-20, because it’s better. And therefore, it’s all about [the] Ethereum Foundation still has quite an influence and they are currently pushing for ERC-20. This is what they are advertising the most. But, in the future, it might be the case that we switch to ERC-777.”
Perhaps, a new, promising token standard will give a fresh impetus to the development of the Ethereum network — and ETH, in particular, which has hit a new low since July: $194. Until then, while GitHub is keeping silent, there seems to be nothing better to do than just letting the Ethereum team finish their work — we know that they are good at it.