The following tokens are known to be non-standard ERC20 tokens. They may have additional risks that must be covered.
These tokens do not revert when a transfer fails, e.g. due to missing funds. Protocols that integrate these tokens must include a check for the transfer function's returned boolean success status and handle the failure case appropriately.
Token | Notes |
---|---|
Basic Attention Token (BAT) | |
Huobi Token (HT) | |
Compound USD Coin (cUSDC) | |
0x Protocol Token (ZRX) |
These tokens include ERC777-like transfer hooks. Protocols that interact with tokens that include transfer hooks must be extra careful to protect against reentrant calls when dealing with these tokens, because control is handed back to the caller upon transfer. This can also affect cross-protocol reentrant calls to view
functions.
Token | Notes |
---|---|
Amp (AMP) | |
The Tokenized Bitcoin (imBTC) |
These tokens do not return any data from the external call when transferring tokens. Protocols using an interface that specifies a return value when transferring tokens will revert. Solidity includes automatic checks on the return data size when decoding return values of an expected size.
Token | Notes |
---|---|
Binance Coin (BNB) | Only missing return data on transfer . transferFrom returns true . |
OMGToken (OMG) | |
Tether USD (USDT) |
Does not revert when calling permit
. Protocols that use EIP-2612 permits should check that the token allowance has increased or is sufficient. See Multichain's incident.
Token | Notes |
---|---|
Wrapped Ether (WETH) | Includes a non-reverting fallback function. |
Additional non-standard token behavior that could be problematic includes:
- fee on transfers
- upgradeable contracts (USDC)
- tokens with multiple address entry-points to the same accounting state
- non-standard decimals (USDC: 6)
- non-standard permits (DAI)
- do not reduce allowance when it is the maximum value
- do not require allowance for transfers from self
- revert for approval of large amounts
>= 2^96 < 2^256 - 1
(UNI, COMP)
Refer to d-xo/weird-erc20 for additional non-standard ERC20 tokens.