Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sending to ERC667 recipient succeeds by calling fallback function even if ERC667Receiver.onTokenTransfer is not defined #57

Open
lukehutch opened this issue Jun 9, 2022 · 0 comments
Open

Sending to ERC667 recipient succeeds by calling fallback function even if ERC667Receiver.onTokenTransfer is not defined #57

lukehutch opened this issue Jun 9, 2022 · 0 comments

Comments

@lukehutch
Copy link

lukehutch commented Jun 9, 2022
edited
Loading

ERC667 suffers from the same problem as ERC223: if the receiving contract does not define the receiver function, ERC667Receiver.onTokenTransfer, then the receiving contract's fallback function will be called instead, and there is no way for the caller to know that this has happened, if the fallback function does not revert. This means that the purpose for which ERC667 was even created (ensuring that tokens can only be sent to contracts that actually support receiving them) is thwarted.

Please see ERC777/ERC1363/ERC4524 for how this should properly be handled, via ERC1820 or ERC165 interface registration, and (for ERC1363/ERC4524) return of a magic value (the function selector) to signify that the correct function has been called.

Also, onTokenTransfer is supposed to return (bool success), but the reference implementation doesn't even check the return value:

https://github.com/smartcontractkit/LinkToken/blob/master/contracts/v0.4/ERC677Token.sol#L35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lukehutch