







If Bitcoin was the killer app for blockchain, then the ERC20 token standard is the killer app for smart contracts on the Ethereum blockchain. ERC20 refers to a shared set of rules for Ethereum tokens. ERC20 is strikingly simple, and that simplicity is not just a technical attribute, but the engine of today's token economy. This simplicity has allowed thousands of startups to act as their own investment banks, underwriters and entire crowdfunding platforms. Thanks to ERC20, blockchain startups can raise tens of millions of dollars per startup from a global pool of investors, quickly and with little friction.

Why? Because adherence to this common standard means that tokens can be readily traded, managed and listed within a vast ecosystem of desktop and mobile wallets, as well as centralized and decentralized exchanges.



The impact has been profound. In all of 2017, startups globally raised US $5 billion through token sales, or initial coin offerings (ICOs), a method of crowdfunding by selling cryptocurrency tokens that represent a stake in a project or in the startup itself. This was several times the amount raised through traditional venture capital and seed financing in the same period. In the first four months of 2018, ICOs matched the amount raised in all of 2017. The vast majority of these appear to have been done via Ethereum-based ERC20 tokens.



The Ethereum blockchain had only been live for a month when the ERC20 token standard, also known as EIP20 for Ethereum Improvement Proposal 20, was proposed by Ethereum co-founder Vitalik Buterin. The base standard is strikingly simple: query the total supply of tokens as well as the token balance of a specific address; transfer tokens from one address to another; and grant approval for someone else to transfer on your behalf. It is not even a requirement that an ERC20 token have a name or symbol, although these “extensions” to the standard have become ubiquitous.



Within this commonality lies a great deal of autonomy. The inner workings of each token smart contract are entirely up to the originator. A straightforward token contract can be implemented in a dozen lines of Solidity, the dominant programming language of Ethereum smart contracts. Complex tokens can run to hundreds of lines of source code and include any kind of functionality. Common add-ons include vesting and lockup periods, the ability to pause and resume, and “air drop” or gifting mechanisms used to freely grant tokens to loyal participants. ERC20, by virtue of its simple design, gives developers an extraordinary amount of freedom.



While developers can make their tokens as complicated as they desire, there are strong arguments for simple design. The more complex a computer program, the higher the risk of the programmer introducing errors into the code. Smart contracts are no exception, and a recent case involved a bug in bulk transfer functionality that was present in several ERC20 tokens. The mistake exposed these tokens to price manipulation by malicious hackers on several crypto exchanges.



The challenge for startups is to find a way to stand out, despite a common standard. There is an existing corpus of ERC20 templates that have been used by dozens of projects and audited multiple times, but new ICOs are constantly looking for ways to demonstrate innovation in their token in order to rise above the crowd when seeking funding. Pressure to be first to market with new token functionality has taxed the limited pool of experienced smart contract software developers to deliver new tokens as quickly as possible.



ICO projects spend tens or hundreds of thousands of dollars on third party audit services to review their customized token smart contracts prior to launch in an effort to hunt down and fix any bugs. Still, auditors are not perfect. The mistake made in The DAO smart contract, an early ICO launched in March 2016 and subject to a $50M hack ($3B at the present value of ETH), is one of the first lessons new Ethereum developers review when learning how not to write smart contracts. The DAO smart contract underwent its own professional third party audit as well as extensive community scrutiny before being given the ill-fated stamp of approval.



Problems may arise when third parties introduce complexity to the ecosystem surrounding the ERC20 standard. In some cases, problems with a token aren’t with the smart contract itself, but rather third party tools’ interpretation of the relatively lightweight specification. For example, the popular Etherscan.io website requires tokens to issue a “Transfer” event when new tokens are created (minted) or destroyed (burned), whereas the ERC20 standard only suggests it as a good idea for token creation alone. Tokens following the letter of the standard run the risk of Etherscan.io and other token websites displaying incorrect token balances or supply.
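The mismatch described above can be reproduced with a small reconciliation check. This is an added example, not code from Etherscan.io or any token project: it rebuilds balances from Transfer logs the way an off-chain indexer must, and all addresses, logs and balances are constructed.

```javascript
// Added example. All addresses, logs and balances below are constructed.
const ZERO = "0x" + "0".repeat(40);
const ALICE = "0x" + "a".repeat(40);
const BOB = "0x" + "b".repeat(40);

// Rebuild supply and balances purely from Transfer(from, to, value) logs,
// the way an off-chain explorer or wallet backend has to.
function indexTransfers(logs) {
  const balances = new Map();
  let supply = 0n;
  const add = (addr, delta) =>
    balances.set(addr, (balances.get(addr) ?? 0n) + delta);
  for (const { from, to, value } of logs) {
    if (from === ZERO) supply += value; // mint reported as transfer from 0x0
    else add(from, -value);
    if (to === ZERO) supply -= value; // burn reported as transfer to 0x0
    else add(to, value);
  }
  return { balances, supply };
}

// Compare the event-derived view with what the contract itself reports
// through totalSupply() and balanceOf(); any difference is a display bug.
function reconcile(logs, onChain) {
  const { balances, supply } = indexTransfers(logs);
  const issues = [];
  if (supply !== onChain.totalSupply)
    issues.push(`totalSupply: events ${supply}, contract ${onChain.totalSupply}`);
  for (const [addr, actual] of Object.entries(onChain.balanceOf)) {
    const seen = balances.get(addr) ?? 0n;
    if (seen !== actual)
      issues.push(`${addr}: events ${seen}, contract ${actual}`);
  }
  return issues;
}

// Contract state is identical for both tokens: 1000 minted to ALICE, 250 sent on.
const onChain = { totalSupply: 1000n, balanceOf: { [ALICE]: 750n, [BOB]: 250n } };
const transfer = { from: ALICE, to: BOB, value: 250n };
const logsWithMintEvent = [{ from: ZERO, to: ALICE, value: 1000n }, transfer];
const logsSilentMint = [transfer]; // mint changed state but emitted no event

console.log(reconcile(logsWithMintEvent, onChain)); // no discrepancies
console.log(reconcile(logsSilentMint, onChain));    // supply and ALICE disagree
```

With the silent mint, the event-derived view shows a supply of zero and a negative balance for the first holder, even though the contract state is correct.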



In another example, a malicious hacker inserted JavaScript code into the “name” field of their custom ERC20 token. When viewed on the popular EtherDelta decentralized exchange, this code stole the private keys of any user unfortunate enough to have simply viewed the hacker’s token.
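The class of bug described above is contract-supplied metadata being rendered as markup. The following added example (not EtherDelta's code) puts the vulnerable rendering pattern beside a hardened one; the function names, length caps and token values are assumptions made for illustration.

```javascript
// Added example. Token names below are constructed sample input.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape every character that can break out of an HTML text or attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// name() and symbol() are attacker-controlled strings: drop control characters,
// trim, and cap the length (counted in code points) before display.
function cleanTokenField(value, maxLen) {
  const text = String(value ?? "").replace(/[\u0000-\u001f\u007f-\u009f]/g, "").trim();
  return Array.from(text).slice(0, maxLen).join("");
}

// Vulnerable pattern: contract-supplied strings interpolated straight into markup.
function renderTokenRowUnsafe(token) {
  return `<tr><td>${token.name}</td><td>${token.symbol}</td></tr>`;
}

// Hardened pattern: treat the fields as data, never as markup.
// The caps of 64 and 12 characters are assumed values, not part of ERC20.
function renderTokenRowSafe(token) {
  const name = escapeHtml(cleanTokenField(token.name, 64));
  const symbol = escapeHtml(cleanTokenField(token.symbol, 12));
  return `<tr><td>${name}</td><td>${symbol}</td></tr>`;
}

const hostileToken = {
  name: "Free Token<script>/* constructed placeholder */</script>",
  symbol: "FREE",
};
console.log(renderTokenRowUnsafe(hostileToken)); // script element reaches the page
console.log(renderTokenRowSafe(hostileToken));   // rendered as inert text
```

In a browser, assigning the cleaned value to an element's `textContent` gives the same result without manual escaping.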



The ERC20 standard has gone a long way to democratizing and popularizing trading of crypto tokens. The question is, will this simplicity hold up in the face of a rapidly developing industry? As investment banks and institutional investors continue to pile into the space, they will have to merge the complexity of their status quo with the elegant simplicity of the dominant incumbent token standard. Let’s hope they can.



Jeff Wentworth is the co-founder of Curvegrid, a blockchain startup based in Tokyo, and a former vice president at Goldman Sachs.





