-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ERC777 Token Standard #777
Comments
Was there discussion of adding a Mint/Burn pair of events and/or mint/burn functions to this proposed standard? If this was discussed and rejected, what are the reasons for rejecting it? If it was not discussed, should it have been? While not foolproof (because a contract may neglect to call these events), it would make the automated accounting of ICO sales for token contracts that do comply a lot easier. To accurately account for existing ERC 20 token sales, one must read and understand the contract's code. |
What is the use of I would find better to stick to the needed stuff, such as:
Can you describe situations where |
@3esmit The For the May be a good alternative would be to integrate this 2 parameters in |
I suggest also adding a boolean return to tokenFallback, and token contract require a true return to accept transaction, in order to avoid this scenario: dapperlabs/cryptokitties-bounty#3 |
@3esmit This is problematic. This function is called after the transfer is done. So returning false would mean to rollback the transfer. This can add a lot of reentrance issues, so I decided that the function ether executes or throws the full transaction. |
I propose renaming Really like and support this proposal, exactly the vision that made me excited about ERC223 10 months (!!!) ago. We are considering making ERC777 the base standard for all the tokens issued on @aragon! |
This is an interesting proposal, but I worry about the entire ecosystem having to migrate to new multisig wallets in order to be able to receive ERC777 tokens. It seems like there was an attempt made to create a whitelist of contracts that one can safely transfer to even if they do not implement
But there is no such appendix, I would love to see it 😊 |
@onbjerg We are working on it. We are thinking in keeping this list open for a while (centralized) and close the list at some point (make it decentralized). |
Was there any consideration over allowing users to specify how much an operator can control, e.g. changing
One could use
I find this somewhat confusing and unexpected. We'll have a dichotomy of "ERC20" tokens: ones that will never call the It also feels odd because you don't have to support the ERC20 interface with EIP777, but you most likely will to support prior contracts expecting that standard. What if EIP777 was instead a superset of ERC20's interface but overrided specific parts, e.g. I kind of like and dislike the I guess an alternative could be |
@sohkai: 2.- The idea is that the receiver should have the warranty that the 3.- The big problem of maintaining |
As I have mentioned in other threads, I strongly recommend removing Decimals are easily the number one source of confusion for both token authors and users of ERC20. I strongly recommend removing this as a variable and instead asserting that tokens must have a certain "humanizing divisor". Reasonable choices IMO are:
I think the worst option is to continue to allow for variable humanizing divisors. This doesn't actually solve any real problems, since any chosen unit is very likely to be a wrong choice at some point in time (too big or too small). Also, since the token author can pick the token supply, allowing them to also choose the humanizing divisor doesn't give them any more/less power to try to target a "nice human-scale number". |
You mention |
I recommend splitting
At the callsite, this will provide a lot more clarity as to what is happening. |
This is rad. Its going to be a long, slow journey to move away from ERC20 but this is a good first step. Couple things:
Anyways, big 👍. ERC20 needs an upgrade. |
Public state variable for decimal is |
Unfortunately quite a few coins have a very good reason for selecting a different number of decimals. Many of them are in the wild already. Forcing all 10 n decimals would require internal restrictions that would, for example, force rounding of values or revert if an incorrect amount is specified. Our objective is seldom to expect people to interact directly with the blockchain but, as an example, MEW does a good job of removing the decimal confusion. |
Should the
|
Great stuff! 1- initially I too thought as @sohkai that I understand and share what you say
But I also think that it's an interesting addition to remind implementers to include optional limitation logic. 2- 3- Backwards Compatibility
I understand that new smart contracts will detect the right function to call (right?) |
@lyricalpolymath |
@alexvandesande To know if a contract implements |
@GoldenDave Others have made the same argument in the past but were unable to provide (IMO) a compelling argument as to why forcing the humanizing divisor to the same for all tokens is bad. The most common cited example is "what if I have a token that is pegged to USD (or similar), which only has 2 decimals?" In this case, you can still have 24 decimals (or whatever the standard defines) exposed to the user and the contract can internally store however it likes. In this case, you would simply multiply whatever internal value you have by |
@jbaylina I support reverse ENS, but I don't see why not also add this to the contract itself. Is simpler to build, will work on any network, including test networks etc. Also, to check ens resolver you need to have multiple calls (see if there's a resolver, then check the resolver etc) AND to have an extra function on the constructor function to set the ens resolver info. Again, I'm all for ENS, but why not add on the contract simple info like that? Reminds me of the debate on either tokens should have symbol and names on the contract or on a token registry: in contract won by the simplicity of it. Also: I'd like to propose to add a provable standard to this token. One of the most requested features I get from token creators is how to send tokens without having ether and I think it makes sense that should be a core function of whatever is the next big token version. |
During the HelloGold token sale, contributors received HGT which entitled them to a share of a reward token GBT (our gold backed token) which is related to the amount of management fees that we receive for storing clients' gold pro rated to the person's HGT holding. In order that anybody holding the minimum amount of HGT should receive GBT during a distribution we calculated that GBT would work with 18 decimals but as a result HGT would need to have 8 d.p. Any more precision would be pointless and misleading. It it rather dictatorial to say that everybody needs to normalise everything to meet a number of decimal points that do not particularly agree with them, especially when we already have a method of handling it. |
It is great idea - but when I ran a quick test on remix, a contract with a simple fallback function would falsely satisfy your requirements.
appears to return true when a non existent https://gist.github.com/DaveAppleton/ef44e9745b1f57c7ae0d6744a15bc5c6 |
@alexvandesande One of the nicest think of this standard is that not only you can have functionality in smart contract recipients, but also in any regular account. You can program for examle that you don't accept tokens sent to your public regular account. Or that you send half of it to a charity. |
@alexvandesande Regarding the This standard should allow for token contract creators to set some default operators to be authorised for everybody. |
@DaveAppleton I just tested your code and got
So it seems it should work. |
I need to understand the value that can be passed in data and operatorData parameters of the Send function in ERC777. Can someone brief me about that with an example. I know that it is bytes datatype. My question is about what should be converted to bytes datatype. Thanks in advance |
This is a finalized EIP. Please open questions like this on Stack Exchange or similar website. You will get great answers there, I promise. You can ping me @fulldecent and I will check it out. This thread here is for discussing the standard itself and any serious problems with the specification (since it is already final). |
Hello. There is a mistake in the description. In the first paragraph of |
@Revinand For non-normative changes (like typo fixes and such) you can just submit a PR against the EIP. Just go to https://github.com/ethereum/EIPs/blob/master/EIPS/eip-777.md and click the little edit pencil at the top right-ish. |
@MicahZoltu Ok, sure. My bad |
Is ERC777 vulnerable to short address attack? How to avoid it? |
@Revinand thanks. I saw the PR. I can't merge it but I hope an EIP editor will do it soon. @yuwiggin short address attack is more of a vulnerability in Solidity itself. There is not much to be done at the standards level. If you want to protect yourself against short address attack you can always check for the length of |
Latest version of Solidity has built in checks for incorrect calldata size IIRC. |
There has been no activity on this issue for two months. It will be closed in a week if no further activity occurs. If you would like to move this EIP forward, please respond to any outstanding feedback or add a comment indicating that you have addressed all required feedback and are ready for a review. |
This issue was closed due to inactivity. If you are still pursuing it, feel free to reopen it and respond to any feedback or request a review in a comment. |
EIP-777 specifies: | The token contract MUST call the This violates Checks-Effects-Interactions, and introduces a very real risk of vulnerability via sender hook, for any contract that implements ERC777. This should be changed from before to after, so that both OpenZeppelin implementers agreed that this was an issue, and they were planning to break with the ERC777 standard to make this change, although the change was not yet made in the OpenZeppelin implementation of ERC777. |
EIP-777 is final, so it cannot be changed. One could propose a new standard that depends on EIP-777 and changes this, but it would have to go through the whole EIP process. |
The issue @lukehutch pointed out is quite severe and the spec is lacking any indication of such. OpenZeppelin is now considering deprecating their implementation of ERC777 for the reasons mentioned, which is a decent start, but if the EIP doesn't explicitly warn about this danger, it could continue to be implemented as defined by those who fail to identify this issue independently. Is this a case for a non-normative clarification-- as defined in EIP-1 (e.g., to add a warning about the dangers here)? |
I wouldn't be opposed to the authors adding something to the security considerations section, but the specification itself should not be changed/updated. |
@MicahZoltu EIP-1 gives room for EIP errata:
ERC777 was finalized on 2017-11-20, and as far as I know, Checks-Effects-Interactions wasn't strongly promoted as a way to mitigate the largest class of smart contract attacks until a bit later. (The DAO attack was June 2016, but I don't think there was a consensus on how to mitigate this in Nov 2017?) Anyway I believe ERC777's violation of Checks-Effects-Interactions could definitely be considered strong grounds for a security errata for EIP777. It seems that that would be much better than deprecating the whole EIP, especially since it is quite popular. |
A normative change to the specification would require a new EIP. The technical standard side of things is meant to be immutable, and that immutability gives people guarantees about what they are communicating with. You could have a new EIP that is essentially just EIP-777 but with one minor change if you otherwise like it. It is also worth noting, there is no deprecation process for standards. People can voluntarily stop using standards, but we don't take any actions to decide which standards people should follow and which they shouldn't. There are many standards in this repository that I personally think are terrible and shouldn't be followed, but my role (and the role of all editors) is not to pass those sorts of judgements. |
@MicahZoltu Issuing a security erratum for EIP777 does not constitute a normative change. People need to be warned that if they implement EIP777 as it is defined, they risk putting their users at risk of a reentrancy attack. |
The ERC-777 specification was finalized on 2019-05-07. The check-effects-interactions best practice was documented in 2016-07-04. https://github.com/ethereum/solidity/blame/develop/docs/security-considerations.rst |
I would not be opposed to adding a Security Considerations section that just comments on the integration risk faced by people who integrate with ERC-777 tokens. I would like to see author approval though as I try to avoid making any changes to final EIPs without author approval other than just typo fixes. Fulldecent is correct here though, the checks-effect-pattern was known at the time of ERC-777 creation, I think to the authors even. |
@lukehutch @MicahZoltu thanks for your messages. I'm personally happy to add a warning about this if there are no oppositions from @tshabs and @jbaylina. I can make a PR this weekend (bit busy ATM) with the message and @MicahZoltu @tshabs @jbaylina can review it. As a side note, I was personally never a fan of the sender hook, but we had to compromise based on the community requests. I would actually be in favor of a newer simpler ERC-777 standard with a receiver hook only, directly on the receiver contract (bypassing ERC-1820). If anyone is interested with this, let me know. |
Hik |
Yes yes |
Thanks :)
This sounds a lot like ERC4524, if the operator framework of ERC777 was also removed. (The operator system in ERC777 is overly complex and should probably at least be simplified or reworked.) Is what you're envisioning already handled by ERC4524? |
Please, see https://eips.ethereum.org/EIPS/eip-777 for further discussion.
The text was updated successfully, but these errors were encountered: