Manual cross-post of the original post at r/ethereum.
r/Ethereum Today’s Headline, The Original Post of Said Tragedy
TL;DR: We should start a campaign. Here is our appeal:
All wallet software aimed at the average user shall ban the action, or give the scariest warning it can give, if the user initiates a tx that directly calls the transfer function to a Contract address. We should promote and accelerate the deprecation of raw ERC-20, and the wider adoption of the newer, more robust and fault-proof ERC-777 and ERC-1555 standards.
No matter what role you are playing in the scene – blockchain developers, DeFi users, NFT hodlers, investors – today’s tragedy is a serious alarm to us all that Ethereum, along with many other blockchain technologies, is not yet fully fledged for mass adoption.
This is fully understandable, because the nature of new technologies is that, no matter how much work we do to make the design perfect, it needs to be tested in the field first for problems to be revealed and fixed.
The ERC-20 token standard is one of them. It’s such a classic standard, with a long history and a whole ecosystem built upon it, but we all forgot that the philosophy behind its design is still immature, leading to serious loopholes and design failures.
Sending ERC-20 tokens to any sort of Smart Contract is pointless and exceedingly dangerous. In usual business logic, if a user wants a certain smart contract to have a certain token, what they should do, and the way the Smart Contract should absolutely implement it, is: the user approves in the ERC-20 token contract first, then you make the user call a function exposed by your Contract; in that function, your Contract calls the transferFrom function on the ERC-20 Token Contract, so that your contract is aware of this transfer.
An ERC-20 transfer function call, to ANY CONTRACT ADDRESS, initiated by an END-USER (EOA address), is POINTLESS and will ALWAYS result in PERMANENT, UNRECOVERABLE TOKEN LOSS.
Today’s tragedy is caused by the collective effect of many factors: the nature of Ethereum, where all addresses look the same; lack of user education on smart contracts (I see why people are blaming weth.io for this, it’s fully reasonable; today’s victim might have come up with the idea him/herself: hey, I send ETH to the contract, get WETH, now I send WETH back, get ETH back, that’s what the GIF on weth.io says! Completely not knowing what’s under the hood, the anonymous fallback function, etc.); lack of on-chain logic checking and preventing this (it would cost everybody gas).
But the most unforgivable factor is the NEGLIGENCE of wallet software: ZERO warning upon sending ERC-20 tokens to a Contract Address. On the UI I just saw “Contract interaction: Transfer”, and I’m good to go! To PURGE ALL OF MY HODLING with a single mouse click!
That’s not how fault tolerance/fault proof should be done – to be honest, that’s zero fault proof.
Green across the board, we are good to go, right? POOOOF, SNAFU, a poor guy’s life savings gone.
This issue has been around for years, and of course, everything on chain is accessible: etherscan.io can tell if an address is a contract, Infura can tell if it’s a contract. But MetaMask, Ledger Live, xxx wallet, etc. cannot tell if the address in the text input is a contract.
So, once again, in the end: we should start a campaign. Here is our appeal:
All wallet software aimed at the average user shall ban the action, or give the scariest warning it can give, if the user initiates a tx that directly calls the transfer function to a Contract address. We should promote and accelerate the deprecation of raw ERC-20, and the wider adoption of the newer, more robust and fault-proof ERC-777 and ERC-1555 standards.
submitted by /u/cyanlink
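The pre-sign check the appeal asks wallets for, as an added example (not part of the original post and not any wallet's actual code): decode the outgoing calldata, and if it is a direct ERC-20 transfer, look up the recipient's code before letting the user sign. The `provider.getCode` wrapper around `eth_getCode`, the function names, the block/warn policy and all addresses are assumptions constructed for illustration.

```javascript
// Added example: wallet-side pre-sign check (hypothetical names, not a real wallet API).
const TRANSFER_SELECTOR = "a9059cbb"; // 4-byte selector of transfer(address,uint256)

// Decode ERC-20 transfer(address,uint256) calldata; returns null for anything else.
function decodeErc20Transfer(data) {
  const hex = String(data || "").toLowerCase().replace(/^0x/, "");
  // selector (8 hex chars) + two 32-byte ABI words (64 hex chars each)
  if (hex.length !== 136 || !hex.startsWith(TRANSFER_SELECTOR)) return null;
  if (!/^[0-9a-f]+$/.test(hex)) return null;
  const toWord = hex.slice(8, 72);
  if (!toWord.startsWith("0".repeat(24))) return null; // address is left-padded with zeros
  return { to: "0x" + toWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// Pure policy. recipientCode is the eth_getCode result for the decoded recipient.
function classifyTransfer(tx, recipientCode) {
  const call = decodeErc20Transfer(tx.data);
  if (!call) return "ok"; // not a direct ERC-20 transfer
  const isContract = typeof recipientCode === "string" && recipientCode.length > 2;
  if (!isContract) return "ok"; // "0x" means no code: an EOA at the time of the check
  // Assumed policy: tokens sent to the token contract itself (the case in the post) are blocked
  return call.to === tx.to.toLowerCase() ? "block" : "warn";
}

// Async wrapper: provider.getCode(addr) is assumed to wrap the eth_getCode JSON-RPC call.
async function checkOutgoingTx(tx, provider) {
  const call = decodeErc20Transfer(tx.data);
  const code = call ? await provider.getCode(call.to) : "0x";
  return classifyTransfer(tx, code);
}

// --- constructed sample data (no real addresses or bytecode) ---
const TOKEN = "0x" + "aa".repeat(20); // token contract
const VAULT = "0x" + "bb".repeat(20); // some other contract
const ALICE = "0x" + "cc".repeat(20); // externally owned account
const fakeProvider = {
  code: { [TOKEN]: "0x6080604052", [VAULT]: "0x6080604052" },
  async getCode(addr) { return this.code[addr] || "0x"; },
};
const transferData = (to, amount) =>
  "0x" + TRANSFER_SELECTOR + to.slice(2).padStart(64, "0") + amount.toString(16).padStart(64, "0");

async function demo() {
  const out = {};
  for (const [name, to] of [["self", TOKEN], ["vault", VAULT], ["alice", ALICE]])
    out[name] = await checkOutgoingTx({ to: TOKEN, data: transferData(to, 10n ** 18n) }, fakeProvider);
  return out;
}
demo().then((r) => console.log(r));
```

An empty `eth_getCode` result only says no contract is deployed at that address when the check runs, so the verdict should be computed immediately before signing.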