Overview
Incorrect ERC token standard implementations are a major source of integration bugs and security vulnerabilities. Missing return values, wrong event signatures, and missing reentrancy guards around token receiver hooks (the ERC-777 tokensReceived hook is the best-known case; the ERC-721 and ERC-1155 receiver callbacks are the same class of problem) have caused significant losses. ChainProof needs a dedicated ERC compliance rule set.
Standards to Cover
ERC-20 (CP-ERC20)
- Missing bool return on transfer/transferFrom — callers that decode the return value (e.g. through an IERC20 interface) revert, so the token is unusable by most integrators
- Missing Transfer and Approval events — breaks indexers and integrators that reconstruct balances and allowances from logs
- Non-standard decimals — should return uint8, not uint256
- Direct approve without increaseAllowance/decreaseAllowance pattern — changing a non-zero allowance to another non-zero value can be front-run so the spender consumes both the old and the new allowance
ERC-721 (CP-ERC721)
- Missing safeTransferFrom reentrancy guard — the onERC721Received callback hands control to the receiver before the transfer returns; flag state writes that happen after the callback or an unguarded callback with no nonReentrant modifier
- Missing supportsInterface — required by ERC-165, which ERC-721 mandates
- Unrestricted minting — _mint is internal, so the finding is a public/external function that reaches _mint without access control
ERC-1155 (CP-ERC1155)
- Missing TransferSingle/TransferBatch events
- Missing onERC1155Received/onERC1155BatchReceived reentrancy consideration — same callback vector as ERC-721's safeTransferFrom
Detection Strategy
- Detect which ERC standard a contract implements by checking for the standard's core function signatures (most specific standard first, since ERC-721 and ERC-1155 overlap with ERC-20 on names such as balanceOf and approve)
- Apply the corresponding compliance rule set
- Scale finding severity to exploit impact (a missing bool return or unrestricted mint is high; a wrong decimals type is low)
export function detectERCStandard(ast: ASTNode): 'ERC20' | 'ERC721' | 'ERC1155' | null
export function checkERC20Compliance(ast: ASTNode, source: string): Finding[]
export function checkERC721Compliance(ast: ASTNode, source: string): Finding[]
export function checkERC1155Compliance(ast: ASTNode, source: string): Finding[]
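As an added example of the detection heuristic and of the ERC-20 and ERC-721 rules listed above (not ChainProof's implementation, which walks its AST): this version runs regex heuristics over Solidity source text instead of an AST, and the rule ids, severities, the Finding shape and the two sample contracts are all assumptions made for illustration.

```typescript
// Added example, not ChainProof's code: regex heuristics over Solidity source
// text stand in for the AST walk; rule ids, severities and the Finding shape
// are assumptions made for illustration.
export type Standard = 'ERC20' | 'ERC721' | 'ERC1155';
export interface Finding { rule: string; severity: 'low' | 'medium' | 'high'; message: string }
export interface Fn { name: string; params: string[]; returns: string[]; visibility: string; modifiers: string[]; body: string }

const VIS = ['public', 'external', 'internal', 'private'];
const KW = VIS.concat(['view', 'pure', 'payable', 'virtual', 'override']);
// "address to, uint256 amount" -> ["address", "uint256"]
const types = (list: string) => list.split(',').map(p => p.trim().split(/\s+/)[0]).filter(Boolean);

// Pull every function header out of the source plus a rough body (text up to the next header).
export function parseFunctions(source: string): Fn[] {
  const out: Fn[] = [], hdr: number[] = [], bodyAt: number[] = [];
  const re = /function\s+(\w+)\s*\(([^)]*)\)\s*([^{;]*)/g;
  let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) {
    const tail = m[3];
    const ret = /returns\s*\(([^)]*)\)/.exec(tail);
    const words = tail.replace(/returns\s*\([^)]*\)/, '').replace(/override\s*\([^)]*\)/, '').split(/\s+/).filter(Boolean);
    hdr.push(m.index); bodyAt.push(m.index + m[0].length);
    out.push({
      name: m[1], params: types(m[2]), returns: ret ? types(ret[1]) : [], body: '',
      visibility: words.filter(w => VIS.indexOf(w) >= 0)[0] || 'public', // pre-0.5 default
      modifiers: words.filter(w => KW.indexOf(w) < 0).map(w => w.replace(/\(.*$/, '')),
    });
  }
  out.forEach((f, i) => { f.body = source.slice(bodyAt[i], i + 1 < out.length ? hdr[i + 1] : source.length); });
  return out;
}

function declaredEvents(source: string): string[] {
  const out: string[] = []; const re = /event\s+(\w+)\s*\(/g; let m: RegExpExecArray | null;
  while ((m = re.exec(source)) !== null) out.push(m[1]);
  return out;
}

// Core functions (name, arity) that must all be present; checked most-specific first.
const CORE: [Standard, [string, number][]][] = [
  ['ERC1155', [['balanceOf', 2], ['balanceOfBatch', 2], ['setApprovalForAll', 2], ['isApprovedForAll', 2], ['safeTransferFrom', 5], ['safeBatchTransferFrom', 5]]],
  ['ERC721', [['balanceOf', 1], ['ownerOf', 1], ['transferFrom', 3], ['approve', 2], ['setApprovalForAll', 2], ['getApproved', 1], ['isApprovedForAll', 2]]],
  ['ERC20', [['totalSupply', 0], ['balanceOf', 1], ['transfer', 2], ['transferFrom', 3], ['approve', 2], ['allowance', 2]]],
];

// Only sees functions declared in this source; inherited ones (e.g. `is ERC20`) need the
// inheritance graph from the AST, so a thin wrapper contract comes back as null here.
export function detectERCStandard(source: string): Standard | null {
  const fns = parseFunctions(source);
  const has = (n: string, arity: number) => fns.some(f => f.name === n && f.params.length === arity);
  for (const [std, core] of CORE) if (core.every(c => has(c[0], c[1]))) return std;
  return null;
}

export function checkERC20Compliance(source: string): Finding[] {
  const fns = parseFunctions(source), events = declaredEvents(source), out: Finding[] = [];
  const named = (n: string) => fns.filter(f => f.name === n);
  for (const n of ['transfer', 'transferFrom']) for (const f of named(n))
    if (f.returns[0] !== 'bool') out.push({ rule: 'CP-ERC20-RETURN', severity: 'high', message: `${n} does not return bool; callers that decode the return value revert` });
  for (const e of ['Transfer', 'Approval'])
    if (events.indexOf(e) < 0) out.push({ rule: 'CP-ERC20-EVENT', severity: 'medium', message: `event ${e} not declared` });
  for (const f of named('decimals'))
    if (f.returns[0] !== 'uint8') out.push({ rule: 'CP-ERC20-DECIMALS', severity: 'low', message: `decimals returns ${f.returns[0] || 'nothing'}, expected uint8` });
  if (named('approve').length && !named('increaseAllowance').length && !named('decreaseAllowance').length)
    out.push({ rule: 'CP-ERC20-APPROVE-RACE', severity: 'low', message: 'approve without increaseAllowance/decreaseAllowance: allowance changes are front-runnable' });
  return out;
}

export function checkERC721Compliance(source: string): Finding[] {
  const fns = parseFunctions(source), out: Finding[] = [];
  if (!fns.some(f => f.name === 'supportsInterface'))
    out.push({ rule: 'CP-ERC721-165', severity: 'medium', message: 'supportsInterface missing; ERC-721 requires ERC-165' });
  // Public/external entry point that reaches _mint/_safeMint with no modifier: anyone can mint.
  // (A real rule would also accept inline require() checks; this only looks at modifiers.)
  for (const f of fns)
    if ((f.visibility === 'public' || f.visibility === 'external') && /_(safe)?[mM]int\(/.test(f.body) && f.modifiers.length === 0)
      out.push({ rule: 'CP-ERC721-MINT', severity: 'high', message: `${f.name} calls _mint without an access-control modifier` });
  return out;
}

// Constructed sample inputs (not real deployed contracts).
export const BAD_TOKEN = `contract BadToken {
  event Transfer(address indexed from, address indexed to, uint256 value);
  mapping(address => uint256) bal; mapping(address => mapping(address => uint256)) allowed; uint256 total;
  function totalSupply() public view returns (uint256) { return total; }
  function balanceOf(address a) public view returns (uint256) { return bal[a]; }
  function decimals() public pure returns (uint256) { return 18; }
  function transfer(address to, uint256 amt) public { bal[msg.sender] -= amt; bal[to] += amt; emit Transfer(msg.sender, to, amt); }
  function transferFrom(address from, address to, uint256 amt) public returns (bool) { allowed[from][msg.sender] -= amt; bal[from] -= amt; bal[to] += amt; return true; }
  function approve(address spender, uint256 amt) public returns (bool) { allowed[msg.sender][spender] = amt; return true; }
  function allowance(address o, address s) public view returns (uint256) { return allowed[o][s]; }
}`;
export const BAD_NFT = `contract BadNFT is ERC721, Ownable {
  uint256 next;
  function mint(address to) external { _safeMint(to, next++); }
  function burn(uint256 id) external onlyOwner { _burn(id); }
}`;
```

Running the checks over the two samples gives four ERC-20 findings on BadToken (missing bool return on transfer, missing Approval event, uint256 decimals, approve race) and two ERC-721 findings on BadNFT. The second of those, the missing supportsInterface, is a false positive of the source-only heuristic (OpenZeppelin's ERC721 base supplies it), and detectERCStandard returns null for BadNFT for the same reason: this is exactly why the real rule set has to resolve the inheritance graph from the AST rather than look at one file's declarations.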
Acceptance Criteria
References