Skip to main content

Token integration checklist

soliditysmart contractssecuritytokens
Intermediate
Trailofbits
Building secure contracts(opens in a new tab)
August 13, 2020
4 minute read minute read

Follow this checklist when interacting with arbitrary tokens. Make sure you understand the risks associated with each item, and justify any exceptions to these rules.

For convenience, all Slither utilities(opens in a new tab) can be run directly on a token address, such as:

Using Slither tutorial

slither-check-erc 0xdac17f958d2ee523a2206206994597c13d831ec7 TetherToken

To follow this checklist, you'll want to have this output from Slither for the token:

- slither-check-erc [target] [contractName] [optional: --erc ERC_NUMBER]
- slither [target] --print human-summary
- slither [target] --print contract-summary
- slither-prop . --contract ContractName # requires configuration, and use of Echidna and Manticore

General considerations

ERC conformity

Slither includes a utility, slither-check-erc(opens in a new tab), that reviews the conformance of a token to many related ERC standards. Use slither-check-erc to review that:

Slither includes a utility, slither-prop(opens in a new tab), that generates unit tests and security properties that can discover many common ERC flaws. Use slither-prop to review that:

Finally, there are certain characteristics that are difficult to identify automatically. Review for these conditions by hand:

  • Transfer and transferFrom should not take a fee. Deflationary tokens can lead to unexpected behavior.
  • Potential interest earned from the token is taken into account. Some tokens distribute interest to token holders. This interest might be trapped in the contract if not taken into account.

Contract composition

Owner privileges

Token scarcity

Reviews for issues of token scarcity requires manual review. Check for these conditions:

  • No user owns most of the supply. If a few users own most of the tokens, they can influence operations based on the token's repartition.
  • The total supply is sufficient. Tokens with a low total supply can be easily manipulated.
  • The tokens are located in more than a few exchanges. If all the tokens are in one exchange, a compromise of the exchange can compromise the contract relying on the token.
  • Users understand the associated risks of large funds or flash loans. Contracts relying on the token balance must carefully take in consideration attackers with large funds or attacks through flash loans.
  • The token does not allow flash minting. Flash minting can lead to substantial swings in the balance and the total supply, which neccessitate strict and comprehensive overflow checks in the operation of the token.

Last edit: @nhsz(opens in a new tab), August 15, 2023

Was this tutorial helpful?