ERC223 token standard

[Dexaran]

The below is an old draft of the proposal. The up-to-date proposal can be found at https://eips.ethereum.org/EIPS/eip-223

Discussion should occur at https://ethereum-magicians.org/t/erc-223-token-standard/12894

---

ERC: 223 Title: Token standard Author: Dexaran, dexaran@ethereumclassic.org Status: Draft Type: ERC Created: 5-03.2017 Reference implementation: https://github.com/Dexaran/ERC223-token-standard

---

Abstract

The following describes standard functions a token contract and contract working with specified token can implement to prevent accidentally sends of tokens to contracts and make token transactions behave like ether transactions.

Motivation

Here is a description of the ERC20 token standard problem that is solved by ERC223:

ERC20 token standard is leading to money losses for end users. The main problem is lack of possibility to handle incoming ERC20 transactions, that were performed via transfer function of ERC20 token.

If you send 100 ETH to a contract that is not intended to work with Ether, then it will reject a transaction and nothing bad will happen. If you will send 100 ERC20 tokens to a contract that is not intended to work with ERC20 tokens, then it will not reject tokens because it cant recognize an incoming transaction. As the result, your tokens will get stuck at the contracts balance.

How much ERC20 tokens are currently lost (27 Dec, 2017):

1. QTUM, $1,204,273 lost. watch on Etherscan

2. EOS, $1,015,131 lost. watch on Etherscan

3. GNT, $249,627 lost. watch on Etherscan

4. STORJ, $217,477 lost. watch on Etherscan

5. Tronix , $201,232 lost. watch on Etherscan

6. DGD, $151,826 lost. watch on Etherscan

7. OMG, $149,941 lost. watch on Etherscan

NOTE: These are only 8 token contracts that I know. Each Ethereum contract is a potential token trap for ERC20 tokens, thus, there are much more losses than I showed at this example.

Another disadvantages of ERC20 that ERC223 will solve:

1. Lack of transfer handling possibility.
2. Loss of tokens.
3. Token-transactions should match Ethereum ideology of uniformity. When a user wants to transfer tokens, he should always call transfer. It doesn't matter if the user is depositing to a contract or sending to an externally owned account.

Those will allow contracts to handle incoming token transactions and prevent accidentally sent tokens from being accepted by contracts (and stuck at contract's balance).

For example decentralized exchange will no more need to require users to call approve then call deposit (which is internally calling transferFrom to withdraw approved tokens). Token transaction will automatically be handled at the exchange contract.

The most important here is a call of tokenReceived when performing a transaction to a contract.

Specification

Token Contracts that works with tokens

Methods

NOTE: An important point is that contract developers must implement tokenReceived if they want their contracts to work with the specified tokens.

If the receiver does not implement the tokenReceived function, consider the contract is not designed to work with tokens, then the transaction must fail and no tokens will be transferred. An analogy with an Ether transaction that is failing when trying to send Ether to a contract that did not implement function() payable.

totalSupply

function totalSupply() constant returns (uint256 totalSupply)

Get the total token supply

name

function name() constant returns (string _name)

Get the name of token

symbol

function symbol() constant returns (bytes32 _symbol)

Get the symbol of token

decimals

function decimals() constant returns (uint8 _decimals)

Get decimals of token

standard

function standard() constant returns (string _standard)

Get the standard of token contract. For some services it is important to know how to treat this particular token. If token supports ERC223 standard then it must explicitly tell that it does.

This function MUST return "erc223" for this token standard. If no "standard()" function is implemented in the contract then the contract must be considered to be ERC20.

balanceOf

function balanceOf(address _owner) constant returns (uint256 balance)

Get the account balance of another account with address _owner

transfer(address, uint)

function transfer(address _to, uint _value) returns (bool)

Needed due to backwards compatibility reasons because of ERC20 transfer function doesn't have bytes parameter. This function must transfer tokens and invoke the function tokenReceived(address, uint256, bytes calldata) in _to, if _to is a contract. If the tokenReceived function is not implemented in _to (receiver contract), then the transaction must fail and the transfer of tokens should be reverted.

transfer(address, uint, bytes)

function transfer(address _to, uint _value, bytes calldata _data) returns (bool)

function that is always called when someone wants to transfer tokens. This function must transfer tokens and invoke the function tokenReceived (address, uint256, bytes) in _to, if _to is a contract. If the tokenReceived function is not implemented in _to (receiver contract), then the transaction must fail and the transfer of tokens should not occur. If _to is an externally owned address, then the transaction must be sent without trying to execute tokenReceived in _to. _data can be attached to this token transaction and it will stay in blockchain forever (requires more gas). _data can be empty.

NOTE: The recommended way to check whether the _to is a contract or an address is to assemble the code of _to. If there is no code in _to, then this is an externally owned address, otherwise it's a contract.

Events

Transfer

event Transfer(address indexed _from, address indexed _to, uint256 _value)

Triggered when tokens are transferred. Compatible with ERC20 Transfer event.

TransferData

event TransferData(bytes _data)

Triggered when tokens are transferred and logs transaction metadata. This is implemented as a separate event to keep Transfer(address, address, uint256) ERC20-compatible.

Contract to work with tokens

function tokenReceived(address _from, uint _value, bytes calldata _data)

A function for handling token transfers, which is called from the token contract, when a token holder sends tokens. _from is the address of the sender of the token,_value is the amount of incoming tokens, and _data is attached data similar tomsg.data of Ether transactions. It works by analogy with the fallback function of Ether transactions and returns nothing.

NOTE: since solidity version 0.6.0+ there is a new reveive() function to handle plain Ether transfers - therefore the function tokenFallback was renamed to tokenReceived to keep the token behavior more intuitive and compatible with Ether behavior.

NOTE: msg.sender will be a token-contract inside the tokenReceived function. It may be important to filter which tokens are sent (by token-contract address). The token sender (the person who initiated the token transaction) will be _from inside thetokenReceived function.

IMPORTANT: This function must be named tokenReceived and take parametersaddress, uint256,bytes to match the function signature 0xc0ee0b8a.

Recommended implementation

This is highly recommended implementation of ERC 223 token: https://github.com/Dexaran/ERC223-token-standard/tree/development/token/ERC223

[nmushegian]

Have you considered allowing this feature set by extending ERC20 with approveAndCall? Inside the "charging" contract you'll have one function call in any case (in this case transferFrom), but on the caller side entering is now an atomic operation, similar to transferToContract

[Dexaran]

The main goals of my proposal were:

1. Prevent accidentally sent tokens from being held by contract.
2. Allow users to deposit their tokens in contract the way simple as ether by a single transaction (i.e. transferToContract( ) call) with no need to call approval than call transferFrom.
3. Make token transactions behave same as Ether transactions.

approveAndCall assumes that target contract will call transferFrom and its not like Ether transactions do. There is no need to allow target contract to withdraw tokens from someone (tx initiator). There is no need to fire Approval event also. From a logical point of view, we should just notify target contract that transaction appears. Also fire Transfer event with no approvals.

[Dexaran]

Updated my ERC23 token code with a function assembling receiver address to ensure token contract if the receiver is a contract or an address.

[nmushegian]

Ok I think I see where you are coming from...

What about, devs generally seem to want to replace the "execute on transfer" for ETH with a hard coded token interface with no execute on transfer, potentially just ERC20?

Is this a bad side effect or a naturally good thing? Doesn't exec-on-transfer make the simplest use cases more complex and maybe more dangerous, while not allowing anything really new?

[Dexaran]

exec-on-transfer make the simplest use cases more complex and maybe more dangerous

for contract developers you mean. From users point of view we just need to call 'transfer token' on MEW or transfer directly in contract and dont care any more about what is going on instead of calling approval then calling deposit or something like this with a chance of mistake that will cause a loss of tokens.

[nmushegian]

for contract developers you mean. From users point of view we just need to call 'transfer token' on MEW or transfer directly in contract and dont care any more about what is going on instead of calling approval then calling deposit or something like this with a chance of mistake that will cause a loss of tokens.

Contract devs are not being unsympathetic to user experience by nitpicking the semantics of contract code... I understand that approve + doSomething is not optimal UX, but these are things you can abstract away at the user interface level, and this abstraction honestly has very few side effects, while making composing contracts more safe ("what stuff could happen if I transfer this token here?")

(personally I think the real base abstraction is a binary per-address approve but that is another side thread)

[Dexaran]

Well designed token contract assumes you need to trust only contract and ethereum EVM. UI level abstraction assumes you need to trust UI developers. It also requires some things to be done by UI devs. I dont see any abstraction that is required already done. So what reason is to make a lot of requirements and dependencies between contract developers,UI developers and users when there is a way to avoid it. At the other hand the main problem of every cryptocurrency is network bandwidth right now. Transferring of ERC20 token to the contract is a couple of two different transactions in fact. While transferring ERC23 token to a contract is a single transaction. ERC20 transfer to contract also fires Approval event then fires Transfer event. Such irrational use of blockchain can cause extra bloating. ERC23 transfer fires only Transfer event.

[izqui]

We were thinking about doing a similar proposal from Aragon while working on economic abstraction for companies. We finally decided approve and transferFrom was a simpler interface and more secure.

[Dexaran]

Simpler and more secure? What reasons do you have thinking so? I named my reasons. Easier usage. Better optimization. Less requirements.

[izqui]

In the current implementation, if a contract doesn't implement the receiver protocol, the transfer of tokens to an address that happens to be a contract will throw https://github.com/Dexaran/ERC23-tokens/blob/master/ERC23_token.sol#L56

Also I see the problem that the receiver needs to keep a list of what tokens it supports.

[izqui]

Also I didn't know about approveAndCall, but it seems the way to go for me.

My two cents, I would be happy to see approveAndCall be part of the standard, but your current solution, while cool, I think it would bring too much overhead to an already very simple and versatile protocol.

[izqui]

There could be a standard to approveAndCall data payload that calls the similar to your so called fallback in your proposal, and the this fallback doing some delegatecall magic could actually call a function in the contract passing the sender and the value as function params. In the fallback function you could do your token accounting and then call whatever function the caller wanted.

Sorry for the ramblings, I think I will actually come up with a parallel proposal for this.

[Dexaran]

In the current implementation, if a contract doesn't implement the receiver protocol, the transfer of tokens to an address that happens to be a contract will throw

As I said earlier it's done to prevent accidentally transactions of tokens to contract address where tokens will not be accessible any more. Contracts are throwing accidentally ether transactions if no fallback payable function is implemented. The same mechanism for accidentally token transactions not exists so Im suggesting to implement it now.

Also I didn't know about approveAndCall, but it seems the way to go for me.

approveAndCall may be a good thing or may be not but now it is not implemented in ERC20 and will not solve accidentally token transactions between address and contract so Im not suggesting to implement approveAndCall.

My proposal solves a number of problems:

1. Accidentally transactions between address and contract that is not supporting this token will no longer cause a loss of tokens.
2. For users: Allows not to care about contract logic of work. To transfer tokens wherever you want, you always need to call only the transfer function.
3. For contract developers: Allows to handle incoming token transactions similar to incoming ether transaction.
4. It also optimizes blockchain usage.

If you found my proposal too complex to accept, then I found this increase in complexity a reasonable price, which should be paid for preventing accidental loss of tokens in the entire future.

Also I see the problem that the receiver needs to keep a list of what tokens it supports.

I don't see it is a problem but if this is the only thing that prevents the token standard from being accepted I designed a light version of contract-receiver. It will accept every incoming ERC23 token and do nothing with it. It can be called "token-trap" contract. You can browse it here: https://github.com/Dexaran/ERC23-tokens/tree/light_version

[frozeman]

I do like it, in fact i would also suggest for wallet contracts that the fallback func fires an standard event on the receiving contract called TokenTransfer(address _from, uint _value) Tho i would rename the fallback func to t(...) or tokenFallback(...), sounds better.

[izqui]

@Dexaran those are all good points indeed. Sorry if the feedback seemed harsh, I'm indeed really interested in getting closer to economic abstraction so contracts can operate with tokens in a similar way the can with ether.

What do you think about the fallback function being something liket(address tokenSender, uint value, bytes data) and then the fallback function can do a delegatecall to itself with this data to simulate a payable function?

[frozeman]

How you mean simulate a payable function?

Btw i don't fully understand why a contract should add supported tokens? As long as a contract fires the fallback function, it will be ERC 20 + 23

[Dexaran]

Btw i don't fully understand why a contract should add supported tokens?

Contract that is working with a specified tokens may contrain a mapping of supported tokens.For example if we are working with only Unicorns and incoming Token123 transaction appears we should reject transaction of not supported Token123. Supported token may also be hardcoded or set inside receiving contract in any way you prefer. I just recommended addToken and removeToken functions to be in contract but they are not required.

[frozeman]

Im not sure if i would make that into the standard, i find the fallback function useful, but as long as they are ERC 20 the contract should be able to deal with it. If he wants to reject certain tokens, than thats something they can do, but it doesn't need to be part of this standard.

[izqui]

By simulate a payable function I mean that after the token fallback is called, a specific function in the contract is called.

A rough, pseudo-Solidity implementation would be:

contract TokenReceiver {
  function t(address tokenSender, uint value, bytes payload) {
     if (_data) {
         delegatecall(this, payload)
     }
  }

  function foo() {}
}

So you could do transfer(contractAddress, value, '0xc2985578') in the token and have it call the function foo() in the receiving contract by sending value with a token. Maybe a couple of parameters should be added to the foo() like functions so they get the sender and the amount of tokens received.

The only thing that would need to be included in the standard is the case in which transfer has a payload parameter, as the way you handle it in the fallback could be up to every contract to decide how to do it.

Also regarding supported tokens, I think if a specific contract wants to only support a set of tokens or blacklist a specific one they can do it as part of their implementation, but I support the idea @that it shouldn't be included in the standard.

[Dexaran]

@frozeman I would recommend to "reject everything that is not marked as supported" but not "accept everything that is not marked to be rejected" because of when contract like the dao-refund is written it shouldn't accept any of incoming token except DAO. If DAO-token is not ERC23 so there is no way to accept anything ERC23 and we should place function tokenFallback(address _from, uint _amount) { throw; } inside dao-refund to make every ERC23 be rejected. But if we need to make a DAO23 refund contract to accept ERC23 standard based tokens (DAO23) we should specify DAO23 as allowed. So any other ERC23 token will still be rejected. Token standard is a recomendation to token developers how to develop their tokens in the best way. So I found it important not only recommend how tokens should be developed but also how token transactions should be handled. Do you think it is not needed to be included in token standard?

[Dexaran]

What do you think about the fallback function being something liket(address tokenSender, uint value, bytes data)

@izqui as I understand it you are recommending to make token transactions behaving one step more similar to Ether transactions. Where t(address tokenSender, uint value, bytes payload) means address tokenSender == msg.sender uint value == msg.value bytes payload == msg.data

[izqui]

Exactly. And the actual msg.sender of t(...) is the token being used to transfer value.

So extending your comparison you would have:

address tokenSender == msg.sender uint value == msg.value bytes payload == msg.data msg.sender == ether

[Dexaran]

Of course. tx.origin is now an address who is sending tokens, msg.sender is contract of sent token, msg.data is data signifying what function to call inside the token contract and payload is data signifying what function to call inside contract-reveiver of tokens. Also tokenSender is address who is sending tokens too when only contract of tokens and contract-receiver are involved and no other contracts are called. I found it awesome idea but I need to do some tests. So I cant say anything more specific right now.

[izqui]

Something to keep in mind regarding tx.origin is that in the case of usingtransferFrom(), tx.origin will be the authorized address to make the transaction and not the former token owner, which tbh I'm not really sure which one of the two should be accounted as the sender in this case.

[Dexaran]

I see we are 1 step away from creating Token-based Ethereum inside Ether-based Ethereum. According to your idea token fallback function should handle incoming token transactions only in this manner:

function tokenFallback(address _from, uint _value, bytes payload){
  if(_data){
    delegatecall(this, payload);
   } else {
    //tokenFallback code here
  }
}

Because of Ether fallback function handles only transactions of value (ETH). And as @frozeman said its not a part of token standard already. I found your idea cool but as for me I dont really know. So I want to get more feedback and do some more tests. And of course there is always a possability just to ignore incoming data and handle only _from and _value as I suggested earlier.

[Dexaran]

I decided that token transaction must contain bytes data.

It's not a solution of any of the problems I'm aiming to solve but it may be needed for future use. As long as there is a way to attach data to Ether transactions I think there should be a way to do the same with token transactions too. I don't care how exactly this will be used to attach HEX messages to token transactions or to encode inner functions execution but the way to attach data to the transaction (token or Ether) must exist. As the result of this transfer function is changed and now contains bytes _data.

[Dexaran]

Now ERC23 is 100% backwards compatible with ERC20 and will work with every old contract designed to work with ERC20 tokens.

[eburgel]

Nobody wants to lose its token by mistake. There are hundreds of transactions to 0x0 address though. So in our token contract we added : 1) A test rejecting every sent to the 0x0 address. 2) A specific burn address letting the user to burn explicitly some token if needed. 3) the supply function returns initialSupply - balanceOf[burnAddress];

I don't know if it should be included in the standard, but all our futur token contracts will include these points.

[Dexaran]

@eburgel you should implement a function like this function (address _contract, uint _amount) { ERC20 token = ERC20(_contract); token.transfer(msg.sender, _amount); } if you want to use ERC20 token standard because of you may want to refund someone who sends tokens to your contract. (or even to claim his tokens and sell them) You don't know what tokens it will be. But there is an easier solution: just use ERC23. ERC23 tokens will not be accepted by a random contract that is not designed to work with them.

[aakilfernandes]

IMHO this should be handled by the UI, not at the core level. Doing a code check on every transfer places a gas burden on every token holder.

[alex-miller-0]

Agree with @aakilfernandes. I personally would never use this because it's way too much gas to handle errors that IMO should be handled by an application's second layer.

I do really like the idea of sending an ERC20 token value with a function call but that seems like a protocol level change.

[Dexaran]

this should be handled by the UI, not at the core level

@aakilfernandes there is no code check for wrong transfer. There is a tokenFallback function execution. It is solving a number of described problems including all accidentally transfers to contracts. Also UI will never allow you to handle incoming token transactions. I dont see any UI level protection already done. But I see $10000 already lost so Im proposing a token standard that will solve it once and forever with no need to placing a duty on every UI developer.

Agree with @aakilfernandes. I personally would never use this because it's way too much gas to handle errors Doing a code check on every transfer places a gas burden on every token holder

@aakilfernandes @alex-miller-0 I dont realize what are you talking about. Did you browsed my code? ERC20 token transfer consumes 36500 gas. ERC23 token transfer consumes 38000 gas. How much transactions should happened to cover lost $10000 with 1500wei each? approve than transferFrom consumes at least 60000 gas while transfer to contract with fallback function execution consumes 38000 gas (transferFrom and tokenFallback functions are doing nothing at this example) so ERC23 is about 2 times cheaper.

[Dexaran]

If you are interest in gas usage optimization you should look at this. Imagine you have a token exchange contract where tokens can be deposited and than exchanged and withdrawn. ERC20 token exchange pattern: 1) approve token1 2) deposit token1 3) approve token2 4) deposit and exchange token2 to token1 and withdraw token1 and send token2 to exchange order placer.

Each point is a transaction. ERC23 exchange pattern:

1) Deposit token1 2) Deposit and exchange token2 to token1 and withdraw token1 and send token2 to exchange order placer.

You can deposit, exchange and re-send tokens with a single transaction. I wrote this contract example and you can watch it here: https://github.com/Dexaran/dataPayload/blob/master/PayloadExchange_example/DEXchange.sol This cotract is deployed here on Ropsten: https://testnet.etherscan.io/address/0x3BAD1B198bAC2dE458B5BCeE1ec0c99733B03cF2

This is the first token deposit: https://testnet.etherscan.io/tx/0x6e99ff5b628fc3fceaa959499d8488a761558feee73ba1fe7c067c1ece6440de

This is a token transaction that calls exchange and transfer of token1 and token2 to their buyers: https://testnet.etherscan.io/tx/0xf41529fb61de85a3e1ea45682f285ce7e23ea0c9f5283c392a4ca445eb14c92b

[Remi-Burgel]

@Dexaran With approveAndCall patern we let the choice to the contract to accept or not the full stack of token.

For example, in an exchange you may want to buy 3 "things" for 1000 tokens each. You don't know if the price will go up or down duing the future block so you approve 3100 tokens. If the price goes up a little you will still be able to buy the thing, avoiding you to guess the future price.

However it doesn't consume the given allowance so I don't know if it's a valid thought

Edit : approvance can let you transfer token directly from an account to another, avoiding to put the token on a contract and then transfering them elsewhere. This may not be a big gas economy but it seems more logical for the usecase of contracts

[Remi-Burgel]

I'll add another thing about approveAndCall and receiveApproval : Some token contracts already have them because it was already a proposition during last summer while ERC20 was in construction.

Anyway, the option for the user to transfer directly to an address without knowing if this is a contracts and the logic of everything seems cool to me. But in the real world the user use app and never call directly the transfer function with code. All of this can be layered in the app

[Dexaran]

With approveAndCall patern we let the choice to the contract to accept or not the full stack of token.

A real exchange is filling orders. If you are trying to fill orders that are already filled you will get your funds back and no trade will happened. If you want to fill orders even if their price will be higher than last trade price you should set a price higher.

When you are trying to buy ETH on Poloniex and ETH price is 0.038BTC you can set a price to 0.05 and send a buy request. So 0.038 orders will be filled then 0.039 will be filled when there will be no more 0.038 orders then 0.040 orders will be filled etc. If you need to buy 3 "things" not depending on "thing" price you should send more tokens in your transaction. You will buy your 3 "things" then extra tokens will be send back to your address. But its an exchange logic already. ERC23 allows you to do it with no problems.

approvance can let you transfer token directly from an account to another, avoiding to put the token on a contract and then transfering them elsewhere.

Yes. But approveAndCall exchange execution is: tx 1. approve of token1. tx 2. deposit token1 intor exchange contract. tx 3. approveAndCall -> transferFrom(token1) -> transferFrom(token2). So there are: Approval(token1), Transfer(token1), Approval(token2), Transfer(token1), Transfer(token2) events. In case of ERC23 there will be: tx 1. Deposit token1. tx 2. Deposit token2 -> send(token2) -> send(token1). There are: Transfer(token1), Transfer(token2), Transfer(token1), Transfer(token2) events. I dont see any real difference here.

[Dexaran]

For those who are saying:

IMHO this should be handled by the UI

You should keep in mind that every error-prone interface will lead to a loss of money. Who can guarantee that every future UI developer will never make a mistake? I found it important not only to abstract users from contracts logic but to abstract UI developers from contracts inner logic too.

Also this should be handled by the UI since 2015 but still it is not done so I'm suggesting a solution of the existing issue.

[recmo]

I see separate use-cases for:

1. having a smart-contract act on your behalf and
2. having a smart-contract own tokens.

The former seems to be best served by approveAndCall and the later by tokenFallback. (Eventhough technically any solution using one can be converted into a solution using the other).

I'm currently working on a dual implementation. The specification is not clear on how tokenFallback should be used in transferFrom. The reference implementation does not call it at all. This appears to me as going against the intend: suppose contract C does not want tokens T. If A transfers to C directly, it will fail. If A transfer to C via intermediary B, it will succeed. If we take transferFrom to mean act-on-behalf-of, the correct behaviour should be as if the intermediary was not there, so tokenFallback should be called with A as _from. For completeness' sake there should also be a transferFrom(address _from, address _to, uint _value, bytes _data).

PS: I would suggest removing the private functions from the specification. Specifications should be about the external interface, not implementation details. These can go in a reference implementation

[Dexaran]

The specification is not clear on how tokenFallback should be used in transferFrom

In no way. approve and transferFrom functions are supported only due to backwards compatibility reasons. Every contract that is designed to work with ERC20 will work with ERC23 with no problems. As for me Im suggesting to never use approve or transferFrom and use transfer every time if it is possible.

contract C does not want tokens T. If A transfers to C directly, it will fail. If A transfer to C via intermediary B, it will succeed

You are wrong. Let me explain why: as C doesnt support ERC23 tokens T, C should implement this code: function tokenFallback(address _from, uint _value, bytes _data) { if(msg.sender==T) { throw; } } so when A is transferring ERC23 token T to C contract, A is calling T-contract asking him to transfer tokens to C and call fokenFallback at T with this args msg.sender=T (token contract is calling fallbackToken), _from=A, _value=amount of T. when A is transferring tokens T via intermediary B this will happen: A is calling T-contract to transfer tokens to B and execute tokenFallback on B --> then B is receiving tokens T and executing tokenFallback and transferring tokens to C (B is calling T-contract asking him to transfer T to C and execute Cs tokenFallback). tokenFallback will be executed at C with this args: msg.sender=T, _from=B, _value=amount of T.

As you can see you should filter incoming tokens by msg.sender where msg.sender will always be a token contract address.

PS: removed private functions. Also removed a ton of commented examples code from contractReceiver example.

[izqui]

I forked @Dexaran original repo and worked a bit on a proposed implementation with some tests and refactoring the code a bit.

Also I used @openzeppelin heavily used and tested token implementations as the base for all ERC23 interfaces and implementations, no need to reinvent the wheel here. I think it is helpful to define ERC23 as a superset of ERC20, rather than a complete different standard.

Here is the repo: https://github.com/AragonOne/ERC23

The core ideas are the same as we have been discussing here, but the StandardReceiver provides for the receiver a tkn struct that mimics the msg struct for traditional transactions.

The now working provisional API looks like this for a receiver:

contract ExampleReceiver is StandardReceiver {
  function foo() tokenPayable {
    LogTokenPayable(tkn.addr, tkn.sender, tkn.value);
  }

  function () tokenPayable {
    LogTokenPayable(tkn.addr, tkn.sender, tkn.value);
  }

  event LogTokenPayable(address token, address sender, uint value);
}

I added Zeppelin's Standard Token tests to the repo to prove that it is completely backwards compatible and the current ERC20 transfers keep working as expected. On top of that I added really simple tests that test ERC23 basic functionality.

There are more details in the readme of the repo.

Let me know what you think!

[Dexaran]

There is a vulnurability in approve function so I'm thinking on removing it from ERC23 standard as it will never be needed any more because of tokenFallback implementation.

vulnerability is described here

I'm asking for more feedback about is approve needed and in what cases. I'm about to remove approve and transferFrom at all.

[nmushegian]

@Dexaran I'd like to explain my token standard idea that depends on a TRXID opcode before you go all-in on this: https://github.com/ethereum/EIPs/issues/222

The key is that his opcode enables you to revert transactions that don't balance without needing to enter an arbitrary contract's scope to do "approve-and-call".

Can you join dapphub.chat and PM me (@ nikolai)?

[recmo]

when A is transferring tokens T via intermediary B this will happen: A is calling T-contract to transfer tokens to B and execute tokenFallback on B --> then B is receiving tokens T and executing tokenFallback and transferring tokens to C (B is calling T-contract asking him to transfer T to C and execute Cs tokenFallback). tokenFallback will be executed at C with this args: msg.sender=T, _from=B, _value=amount of T.

Correct, but that is if the B supports ERC23. I'm talking about a scenario where B is a legacy non-ERC23 contract. B would be using the ERC20 approve and transferFrom interface:

1. A: T.approve(B, 100)
2. A: B.doMagic(C)
3. B: T.transferFrom(B, C, 100)

Now C owns token T, despite both C and T implementing ERC23 and C explicitly revoking tokens.

The solution would appear to be to call tokenFallback from transferFrom. But then it would fail if C does not support ERC23. (What we really need is something like #165 to be universally adopted.)

[Dexaran]

approve and transferFrom are implemented due to backwards compatibility reasons only. If something is working with ERC23 tokens it will always receive tokens via transfer. If something is not working with ERC23 tokens but working with ERC20 it may receive tokens via transferFrom but I suggest to never use approve any more. So there is no need to implement tokenFallback call in transferFrom because of ERC23 assumes you will not use transferFrom. It may be needed only if you are going to work with contracts designed to work with ERC20.

[frozeman]

@Dexaran i updated your ERC to be more readable, please check that i didnt change anything, as the transferToContract had no example?!

[Arachnid]

This is not ERC23; EIP/ERC numbers are assigned by the editors. Please rename per EIP 0.

[Dexaran]

I named my token standard ERC23 because of it will be token standard for EthereumClassic too. And there were no ECIP20/ECIP21/ECIP22 in EthereumClassic but ERC20 token standard is well-known. I called it ERC23 to avoid name mismatch, because this would be the standard for contract developers on ETC and ETH. I'm aiming to prevent token losses on both chains. I'm not involved in politics with regard to splitting the chain. Interested in development only. If naming problem is so important for you I can discuss it as ERC223 (issue number) here.

[nmushegian]

I think the main lesson from the first standard attempt was that we should let standards emerge instead of treating it as land to be claimed for glory

[jbaylina]

I start adapting MiniMe token to be an ERC223 compatible token. Here you can see the PR to adapt it. https://github.com/Giveth/minime/pull/11/files Here are some issues/questions that I found in the standard during adaption: 1.- isContract, transferToContract, transferToAddress are internal, so they should not be part of the standard. This is just a way to implement the standard. 2.- What about the Transfer event? Do we add the data param breaking the ERC20 standard? In my case, I create two events one for ERC20 and the other for ERC223 with the same name and an extra data param.

I would love to hear comments.

[Dexaran]

@jbaylina

1. I want to standardize part of the internal logic of the contract, not just its interface. I'm solving a problem: people are losing money because of inaccurate implementations of token contracts. I want to prevent this, and it seemed to me important to standardize these methods (especially check for bytecode and perform a fallback function).

2. I don't think it's important to write token-data into blockchain via Transfer event. It will break backwards compatibility without any sufficient benefits. Token data will be available as part of transaction data.