A place for developers to talk about building on Farcaster.

/dev

Co-founder and CPO @Sablier. Product designer and engineer.

The latter usually fails for public escrows where funds accrue, like @uniswap pools or @sablier vesting contracts 🏦

How to fix these?

Well, since there’s no way to quickly cover all these edge-cases, you should simply keep an eye out for such behavior when debugging.

Part 2

➡️ Admin rights

Some tokens come with admin rights. One such right is to burn assets from handpicked wallets or forcefully transfer them without the user's knowledge 🥷.  A far-from-standard practice resulting in assets disappearing from the protocol.

Well, what can we do?

Since it's yet again, a hard to predict behavior, keep an eye out for shady tokens. If your protocol is immutable, explain that forceful actions like burning tokens are at the discretion and the sole responsibility of the token admins.

Fixing what’s broken..

In the spirit of innovation, teams have already started implementing alternative systems, that may one day replace the ERC20 "standard"

- @fuel-network SRC20, where all assets are native (like ETH)
- @optimism SuperchainERC20, BEP20, xERC20
- @solana SPL

While these are great and show a need for improved token functionality, they don't all address the full list of gotchas we just went through.

As a final tip, learning to read the chain will help uncover more “mysteries” down the road 🕵️‍♂️

From basic analysis with Etherscan to (personal favorite) debugging at its finest with Tenderly , you’ll develop an eagle eye for unexpected behavior.

Things can always break. ERC20 have a dark side only known to select web3 product engineers. You are now one of them.

Prevent, fix or explain - either way, users will thank you. And when they're silent, it means you did an amazing job 🔥 hiding all this complexity from them. Congrats!

Picture this: you're building the next big thing on @ethereum

Your app allows users to __ ERC20 tokens. Cats, dogs, penguins, the US dollar, you name it, anything that's a token, users can __. They click the button. Something breaks.

Let's explore the dark side of ERC20s👇🧵

🧵

https://warpcast.com/razgraf/0x2d60ab71

The list, of course, is just the start. A few other quality-of-life features to consider:

- correctly handling token decimals (18 is common, not standard)
- preventing token addresses from being filled in recipient fields
- bundling allowances with txs ( @safe or EIP 5794)