ERC404: a new standard or a new risk?
Explore the risks associated with ERC404, a novel token standard blending fungibility and non-fungibility, and the implications for users and projects in the cryptocurrency space
What is ERC404?
ERC404s represent a novel and experimental token standard developed by 0xacme, which was launched on the Ethereum network in early February 2024. This standard combines the fungibility of ERC20 tokens with the unique characteristics of ERC721 non-fungible tokens (NFTs).
Similar to other tokens, ERC404s are a set of smart contracts deployed on the Ethereum blockchain. They seamlessly merge features from both fungible and non-fungible tokens within a single framework. Specifically, an ERC404 contract facilitates the creation of both an NFT and a fungible token simultaneously at a predetermined ratio.
One significant advantage of ERC404s is that they address the liquidity concerns commonly associated with NFT collections. By incorporating fungible tokens, projects can establish liquidity pools, which reduces friction in NFT trading and improves overall project liquidity. Traditional NFT trading platforms, by contrast, often suffer from liquidity issues that stem primarily from auctions.
Users need to approach interactions with ERC404s with caution, given their experimental nature and lack of formal auditing. Being a nascent standard, ERC404s have not yet been proposed as an official Ethereum Improvement Proposal (EIP).
How does an ERC404 token work?
The ERC404 token functions to enhance liquidity for NFTs. Each user who owns a token also possesses an NFT simultaneously, and vice versa.
When a user purchases 1 token, they automatically receive an NFT. Similarly, if they acquire an NFT, they are also provided with 1 token.
Whenever a user sells a token or an NFT, the corresponding NFT or token is burned.
During token transfers to other users, the sender's NFT is burned, and the recipient is issued a new NFT. Conversely, when an NFT is transferred, the associated token is also transferred.
However, if a user possesses a fractional token and does not have a sufficient amount to mint a new NFT, no new NFT will be created.
Top outstanding ERC404 projects
A prominent project in the ERC404 arena is Pandora, with a market capitalization exceeding $246 million. Other noteworthy projects, such as Anon and DeFrogs, are also held in high regard.
Recent Hacking Incidents Associated with ERC404
Because the ERC404 token is new, experimental, and not yet standardized, it poses significant risks, and projects implementing it are exposed to them.
The ERC404 Loogn represents an advanced iteration of the ERC404 protocol, operating on the Binance Smart Chain (BSC) network.
On February 15th, the project fell victim to a hacking incident resulting in a loss of $1.6 million. Detailed information regarding the transaction can be found at Transaction Details
The vulnerable contract associated with this incident is located at Vulnerable Contract
The contract contained a method that let users transfer their NFTs to the contract, which would then send ERC20 tokens back in exchange.
The code of this method proceeds as follows:
Initially, the contract verifies whether the caller owns the specified number of NFTs by checking their NFT balance.
Subsequently, it confirms whether the caller has approved the transfer of all NFTs to this contract.
In the third step, the contract continues to assess whether the caller's balance is sufficient to exchange for the requested number of NFTs.
An essential step involves the caller transferring a specific number of NFTs to the contract, as specified by the _amount parameter.
Finally, the contract transfers the current ERC20 token balance to the caller.
A fundamental vulnerability stems from the contract's failure to verify whether the _amount parameter is zero. Consequently, a caller can transfer zero NFTs to the contract and receive ERC20 tokens as a result, exploiting this flaw for profit.
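The effect of the missing zero check can be reproduced in a small model. The Python below is an added example, not the incident contract's code and not part of the original article; it models the five steps in memory. The class and method names, `RATE`, the balances, and the hardened payout rule (payout scales with the NFTs delivered) are assumptions constructed for illustration.

```python
class SwapError(Exception):
    """Stands in for a Solidity revert."""

class SwapModel:
    """In-memory stand-in for the swap contract; all names are hypothetical."""
    RATE = 100  # assumed ERC20 units per NFT, used only by the hardened path

    def __init__(self, pool, caller_nfts=0):
        self.pool = pool                  # ERC20 held by the swap contract (constructed value)
        self.nfts = {"caller": caller_nfts}
        self.approved = {"caller"}        # caller has approved the contract for all NFTs

    def _precheck(self, caller, amount):
        if self.nfts.get(caller, 0) < amount:      # step 1: NFT balance
            raise SwapError("not enough NFTs")
        if caller not in self.approved:            # step 2: approval
            raise SwapError("not approved")
        # step 3 (balance covers the request) is folded into step 1 in this model

    def _settle(self, caller, amount, payout):
        self.nfts[caller] -= amount                # step 4: NFTs move to the contract
        self.pool -= payout                        # step 5: ERC20 moves to the caller
        return payout

    def swap_vulnerable(self, caller, amount):
        self._precheck(caller, amount)             # amount == 0 passes every check
        return self._settle(caller, amount, self.pool)  # pays the whole current balance

    def swap_hardened(self, caller, amount):
        if amount == 0:                            # the check the article says was missing
            raise SwapError("amount must be > 0")
        self._precheck(caller, amount)
        payout = amount * self.RATE                # assumption: payout scales with NFTs delivered
        if payout > self.pool:
            raise SwapError("pool cannot cover payout")
        return self._settle(caller, amount, payout)

def demo():
    """Run both paths on constructed state: (vuln_zero, hard_zero, hard_two, pool_left)."""
    vuln_zero = SwapModel(pool=1_000).swap_vulnerable("caller", 0)   # caller owns no NFTs
    hard = SwapModel(pool=1_000, caller_nfts=2)
    try:
        hard_zero = hard.swap_hardened("caller", 0)
    except SwapError as err:
        hard_zero = str(err)
    return vuln_zero, hard_zero, hard.swap_hardened("caller", 2), hard.pool

if __name__ == "__main__":
    print(demo())
```

In the vulnerable path a caller with no NFTs passes every check with an amount of zero and still receives the pool; the hardened path rejects the same call before any state changes.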
Conclusion
The ERC404 protocol is not yet standardized smart contract code; it remains an experimental template under development. Any project upgrading to this ERC should therefore be researched thoroughly. In the cryptocurrency industry, users must exercise caution when using DeFi applications and should trust only those that have been vetted and deemed reliable.