B006: EIP Conformance

Sidenote: EIP vs ERC

These two terms are often used interchangeably, although there is an important difference in their meaning. An ERC (Ethereum Request for Comments) is a new proposal that is still at a rough stage, awaiting feedback from the Ethereum community as to whether it should move on to the next stage.

EIP-20: Fungible Token Standard

Almost every member of the Ethereum community is familiar with EIP-20, more commonly known as ERC-20, which denotes a set of interfaces a fungible token should conform to, the state changes each of those functions is expected to perform, and the events the token should emit for every state change it conducts.

Token Decimals

The native currency of the Ethereum blockchain has 18 decimal places and, by convention, most tokens use the same value, since it simplifies "exchanging" between native-currency and token amounts. The EIP-20 standard specifies that the decimals member should be of the uint8 datatype, but this is not always the case.

Maple Finance: Incorrect Decimal Assumption

No-Return Transfers

The EIP-20 standard specifies that both transfer and transferFrom should return a bool indicating whether the transfer succeeded, so that tokens whose errors are meant to be handled gracefully can signal failure instead of fatally halting execution.

Tether: Nonexistent Return Value for Transfer

EIP-712: Ethereum Data Hashing & Signing

Another commonly used standard is EIP-712, a deterministic methodology for hashing and signing data so that the resulting cryptographic signatures can be consumed by an application to conduct authorized state changes on behalf of another party.

Cross-Chain Replay Attacks

The domain separator is meant to differentiate signatures by the domain they are signed for, since distinct smart contracts may expose exactly the same interfaces and argument types and must still be told apart. One of the values that feeds into the domain separator is the current EIP-155 chain ID, an identifier that can be retrieved dynamically at verification time to prevent cross-chain replay attacks.
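The dynamic chain ID check described above, as an added example that is not code from the original post or from any of the projects it names: the domain separator is cached for gas but recomputed whenever block.chainid no longer matches the cached value, and a Permit-style digest is verified against it. The token name, the Permit type and all function names are assumptions made for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Added example, not code from the original post. "Example Token", the Permit
// struct and all function names are illustrative assumptions.
contract DynamicDomainSeparator {
    bytes32 private constant DOMAIN_TYPEHASH =
        keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract)");
    bytes32 private constant PERMIT_TYPEHASH =
        keccak256("Permit(address owner,address spender,uint256 value,uint256 nonce,uint256 deadline)");
    bytes32 private constant NAME_HASH = keccak256("Example Token");
    bytes32 private constant VERSION_HASH = keccak256("1");
    // Upper bound on s; rejects the second (malleable) encoding of an ECDSA signature.
    uint256 private constant HALF_ORDER = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;
    // The cache is an optimisation only: it is used solely while block.chainid
    // still equals the chain ID it was computed for.
    uint256 private immutable _cachedChainId;
    bytes32 private immutable _cachedSeparator;
    mapping(address => uint256) public nonces;

    constructor() {
        _cachedChainId = block.chainid;
        _cachedSeparator = _buildSeparator(block.chainid);
    }

    function _buildSeparator(uint256 chainId) private view returns (bytes32) {
        return keccak256(abi.encode(DOMAIN_TYPEHASH, NAME_HASH, VERSION_HASH, chainId, address(this)));
    }

    // Bound to the chain the call executes on: if a fork changes the chain ID,
    // signatures made under the old separator no longer validate here.
    function DOMAIN_SEPARATOR() public view returns (bytes32) {
        if (block.chainid == _cachedChainId) return _cachedSeparator;
        return _buildSeparator(block.chainid);
    }

    function hashPermit(address owner, address spender, uint256 value, uint256 deadline) public view returns (bytes32) {
        bytes32 structHash = keccak256(abi.encode(PERMIT_TYPEHASH, owner, spender, value, nonces[owner], deadline));
        return keccak256(abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR(), structHash));
    }

    function verifyPermit(address owner, address spender, uint256 value, uint256 deadline, uint8 v, bytes32 r, bytes32 s) external returns (bool) {
        require(block.timestamp <= deadline, "permit expired");
        require(uint256(s) <= HALF_ORDER && (v == 27 || v == 28), "non-canonical signature");
        address signer = ecrecover(hashPermit(owner, spender, value, deadline), v, r, s);
        require(signer != address(0) && signer == owner, "invalid signer");
        nonces[owner]++; // consume the nonce so this signature cannot be replayed on this chain
        return true;
    }
}
```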

Uniswap V2 Core: Incorrect Domain Separator Pattern

The EIP guidelines are carefully curated proposals that have undergone a rigorous review process by security-minded individuals and application developers alike; each instruction within them is meant to be adhered to meaningfully and should be treated as absolute.

Alex Papageorgiou

A Solidity security auditor keen to share his knowledge.