poloniex_hacker_lost_funds.md

Poloniex exchange was just hacked.

A hacker made this transaction https://etherscan.io/tx/0xc9700e4f072878c4e4066d1c9cd160692468f2d1c4c47795d28635772abc18db

And the tokens got permanently frozen in the contract of GLM! This shouldn't have happened if ERC-20 GLM token would be developed with security practices in mind. But ERC-20 still contains a security flaw that I discloser multiple times (here is a history of the ERC-20 disaster).

You can also find a full history of my fight with Ethereum Foundation over token standards since 2017 here https://dexaran.github.io/erc223/

The problem is described here.

Here is a security statement regarding the ERC-20 standard flaw: https://callisto.network/erc-20-standard-security-department-statement/

As of today, about $90,000,000 to $200,000,000 are lost to this ERC-20 flaw. Today we can increase this amount by $2,500,000.

The problem with ERC-20 token is that it doesn't allow for error handling which makes it impossible to prevent user errors. It was known for sure that the GLM contract is not supposed to accept GLM tokens. It was intended TO BE THE TOKEN, not to own the tokens. For example if you would send ether, NFT or ERC-223 token to the address of the said GLM contract - you wouldn't lose it.

Error handling is critical for financial software. Users do make mistakes. It's a simple fact. Whether it is misunderstanding of the internal logic of the contract, unfamiliar wallet UI, being drunk when sending a tx or panicking after hacking an exchange - doesn't matter. Anyone could be in a position of a person who just lost $2,5M worth of tokens to a simple bug in the software that could have been easily fixed.

I would use an opportunity to mention that ERC-223 was developed with the main goal of preventing such accidents of "funds loss by mistake: https://eips.ethereum.org/EIPS/eip-223

What is even worse - EIP process doesn't allow for security disclosures now. There is simply no way to report a security flaw in any EIP after its assigned "Final" status.

I'm proposing a modification to EIP process to allow for security disclosures here: https://ethereum-magicians.org/t/modification-of-eip-process-to-account-for-security-treatments/16265/12

There are ongoing debates on submission of an informational EIP regarding the ERC-20 security flaw: ethcatherders/EIPIP#293

And the Informational EIP pull request: ethereum/EIPs#7915

We've built ERC-20 <=> ERC-223 token converter that would allow both standards to co-exist and eventually prevent the issue of lost funds https://dexaran.github.io/token-converter/

Also my team is building a ERC-223 & ERC-20 compatible decentralized exchange that will also remove such a weird opportunity to lose all their life savings to a software bug from users: https://dex223.io/

If you are rich and worried about ERC-20 security bugs dealing damage to Ethereum ecosystem and ruining users days - welcome to our ERC-223 family. We stand for security. We don't let our users funds to be lost by mistake.

FYI... https://dexaran.github.io/erc20-losses/

Some token contract addresses are more advanced, they include staking / burning / streaming / locking / vesting / migrating to V2 / any other primitive.

Just saying that the list is not 100% accurate. But still get the point, it can be life changing situation to some victims, pretty sure some people selfdestruct as a consequence.

Some token contract addresses are more advanced, they include staking / burning / streaming / locking / vesting / migrating to V2 / any other primitive.

Yeah, we already did some research and removed tokens that were obviously deposited to contracts on purpose. This is a very time-consuming task however as we need to go through all the media associated with hundreds of tokens to figure out what happened.

Here is a list of exclusions (without exclusions there were $2.4B lost):

https://github.com/Dexaran/dexaran.github.io/blob/master/erc20-losses-sources/src/constants/excludes.json

@marsrobertson

FYI... The other day I also suggested to include it by default: WETH10/WETH10#94

Thats a good effort but I don't believe that the problem can be solved on the wallet level. This is an inherent problem with the token standard.

1. You need to deposit tokens to contracts. Tokens that can't be deposited are useless.
2. ERC-20 doesn't have a "communication model" i.e. when it's sent to the contract it's impossible to recognize the transaction for the recipient.
3. In order to address pt.2 Vitalik and @frozeman developed a weird quirk which resembles a pull transacting method: approve & transferFrom pattern. It was not a smart design, it was a crutch to address a bug in early days EVM that doesn't exist since it was fixed in 2016.
4. However, leaving transfer() function without handling makes it impossible to handle transactions and therefore it's impossible to handle errors.
5. At the same time approve&transferFrom is very bad. It takes 2 transactions to deposit a token to contract this way, it requires more GAS than a direct deposit with a callback invocation, it introduces security risk as users are authorizing some third party to have access to their funds hence all the permit scams and approval-related accidents. Approvals are (1) unnecessary and (2) insecure.

Even if we solve the problem with unhandled transfer function in ERC-20 at the wallet level the problem of inherently wrong design and insecure method of depositing via approve&transferFrom will persist.

And the root of the problem is pt.1 - we need a proper method of depositing tokens to contracts. Pull tx method is good for credit cards, not for trustless systems.