SNIP-2: the fungible token specification (a la ERC20) for Starknet #34
Replies: 3 comments 7 replies
-
Recently #28 was merged, which removed the approval and allowance methods from the specification. The rationale was that these methods are not necessary when every account is able to make multiple calls atomically in a single transaction. You can always transfer the exact or maximum amount of token needed at the beginning of a transaction, then call the contract that you just used to refund any excess tokens if necessary. This simplification is desirable because it reduces the surface area for building a fungible token on Starknet. In addition, approvals are a significant attack surface for ERC20 tokens. E.g. you approve a contract for the maximum amount, and then later the contract is found to have a bug or upgraded, now the contract can steal all the tokens that you approved. Also, approvals are quite difficult to work with for inter-contract interactions. Different tokens may include differences in behavior for approvals, e.g. approve only from 0 allowance. This creates a lot of edge cases when working with approvals between contracts that do not exist when you only use transfers. |
Beta Was this translation helpful? Give feedback.
-
Gm,
Especially because there is account abstraction as first class citizen this approval mechanism should stay in place. Besides that, the removal of transferFrom would effectively remove all possibility of doing off chain signatures (EIP712). This shouldn't become the standard of fungible tokens, but it does make sense for specific use cases. But it could be achieved using a wrapper around the standard ERC20 interface. In the hope that this comment may provide some input to this proposal 🙂 |
Beta Was this translation helpful? Give feedback.
-
I think that the primary objective should be to safeguard users from dApps that request infinite approval. This is a necessary evil on L1 that we need to try and eliminate on Starknet. As @moodysalem already highlighted, this presents a significant attack vector. However, I understand the concerns regarding breaking the API and the support for off-chain signatures. Therefore, another solution worth exploring is to nullify the spender's allowance after the transferFrom operation. In other words, there wouldn't be any remaining allowance (large or small) for the spender after the funds have been transferred. This approach would largely prevent users from long-term exposure to contract bugs. Of course, this should come in addition to the wallet's responsibility to flag dangerous transactions. Unfortunately, users don't always heed such warnings. |
Beta Was this translation helpful? Give feedback.
-
Discussion for https://github.com/starknet-io/SNIPs/blob/main/SNIPS/snip-2.md
Beta Was this translation helpful? Give feedback.
All reactions