ERC-20 Standard Violations
Detects deviations from the ERC-20 token standard including missing return values, incorrect event signatures, and non-standard behavior.
Overview
Remediation Guide: How to Fix ERC-20 Violations
The ERC-20 violations detector identifies token contracts that deviate from the ERC-20 standard specification. Common violations include: transfer/approve not returning a boolean, missing Transfer/Approval events, non-standard decimals return type, and transferFrom not reducing allowance.
Why This Is an Issue
Non-standard ERC-20 tokens break composability. DeFi protocols, DEXes, and wallets that expect standard behavior will malfunction:
- Missing boolean return from transfer causes SafeERC20 calls to revert (USDT is a notorious example)
- Missing events prevent off-chain indexers from tracking transfers
- Non-standard allowance behavior breaks approval-based workflows
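The following is an added Solidity illustration of the first point above, the revert caused by a missing boolean return; it is not Sigvex's code and not taken from any library. The contract and function names (NaiveVault, TolerantVault, payOut) are hypothetical. The naive integrator lets Solidity ABI-decode a bool from the token's return data, which fails when the token returns nothing; the tolerant integrator makes a low-level call and accepts either empty return data or a decoded true.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not part of the Sigvex documentation. Names are hypothetical.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
}

// Naive integrator: the interface call asks Solidity to decode a bool from the
// return data. A token whose transfer() has no return value produces empty
// return data, so the decode step reverts even though the token already moved
// the balance. Every payout through this contract fails for such a token.
contract NaiveVault {
    function payOut(IERC20 token, address to, uint256 amount) external {
        require(token.transfer(to, amount), "transfer failed");
    }
}

// Tolerant integrator: perform the call at the low level, require the call
// itself to succeed, then treat "no return data" (non-standard token) and
// "decoded true" (standard token) as success and "decoded false" as failure.
contract TolerantVault {
    function payOut(address token, address to, uint256 amount) external {
        // A non-contract address would also return empty data and look like a
        // success, so verify there is code at the address first.
        require(token.code.length > 0, "token is not a contract");

        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transfer.selector, to, amount)
        );
        require(ok, "transfer call reverted");
        require(
            data.length == 0 || abi.decode(data, (bool)),
            "transfer returned false"
        );
    }
}
```

The code-length check matters: without it, an EOA or an undeployed address passed as the token would make the low-level call return empty data and the tolerant path would report success for a transfer that never happened.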
How to Resolve
Ensure full compliance with the ERC-20 specification, or use OpenZeppelin’s ERC20 implementation as a base.
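As an added example that is neither Sigvex's code nor OpenZeppelin's implementation, here is a hypothetical token (NonStandardToken) that exhibits the violations listed in the overview, followed by a minimal compliant rewrite (StandardToken) that returns booleans from transfer/approve/transferFrom, emits Transfer and Approval, declares decimals as uint8, and reduces the allowance in transferFrom while treating type(uint256).max as an infinite approval. Token names and symbols are illustrative.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example, not the project's code. Names and symbols are illustrative.

// Deliberately non-compliant: each comment marks a finding the detector reports.
contract NonStandardToken {
    string public name = "NonStd";
    string public symbol = "NSTD";
    uint256 public decimals = 18; // violation: ERC-20 specifies uint8
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
    }

    // violation: no boolean return value and no Transfer event
    function transfer(address to, uint256 amount) external {
        require(balanceOf[msg.sender] >= amount, "balance");
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }

    // violation: no boolean return value and no Approval event
    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    // violation: allowance is checked but never reduced, and no Transfer event
    function transferFrom(address from, address to, uint256 amount) external {
        require(allowance[from][msg.sender] >= amount, "allowance");
        require(balanceOf[from] >= amount, "balance");
        balanceOf[from] -= amount;
        balanceOf[to] += amount;
    }
}

// Minimal compliant rewrite.
contract StandardToken {
    event Transfer(address indexed from, address indexed to, uint256 value);
    event Approval(address indexed owner, address indexed spender, uint256 value);

    string public name = "Std";
    string public symbol = "STD";
    uint8 public constant decimals = 18; // standard return type
    uint256 public totalSupply;
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor(uint256 supply) {
        totalSupply = supply;
        balanceOf[msg.sender] = supply;
        emit Transfer(address(0), msg.sender, supply); // mint event
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        _transfer(msg.sender, to, amount);
        return true;
    }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        emit Approval(msg.sender, spender, amount);
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external returns (bool) {
        uint256 current = allowance[from][msg.sender];
        // type(uint256).max is an infinite approval and is left untouched;
        // any other allowance is reduced by the amount spent.
        if (current != type(uint256).max) {
            require(current >= amount, "ERC20: insufficient allowance");
            unchecked { allowance[from][msg.sender] = current - amount; }
        }
        _transfer(from, to, amount);
        return true;
    }

    function _transfer(address from, address to, uint256 amount) internal {
        require(to != address(0), "ERC20: transfer to the zero address");
        uint256 bal = balanceOf[from];
        require(bal >= amount, "ERC20: insufficient balance");
        unchecked { balanceOf[from] = bal - amount; }
        balanceOf[to] += amount;
        emit Transfer(from, to, amount);
    }
}
```

Run against the detector, NonStandardToken should produce findings for each marked line, while StandardToken should produce none; in practice, inheriting OpenZeppelin's ERC20 gives you the second contract's behavior without maintaining it yourself.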
Examples
Sample Sigvex Output
{
"detector_id": "erc20-violations",
"severity": "low",
"confidence": 0.90,
"description": "transfer() function does not return a boolean value as required by ERC-20. Callers using SafeERC20 will revert when interacting with this token.",
"location": { "function": "transfer(address,uint256)", "offset": 0 }
}
Detection Methodology
- Selector matching: Identifies ERC-20 function selectors (transfer, transferFrom, approve, balanceOf, allowance, totalSupply).
- Return value analysis: Checks whether transfer/approve/transferFrom return a boolean.
- Event emission: Verifies Transfer and Approval events are emitted with correct topics.
- Allowance behavior: Checks transferFrom reduces allowance (or uses type(uint256).max as infinite approval).
Limitations
- Well-known non-standard tokens (USDT, BNB) are intentionally non-compliant; the detector flags them for informational purposes.
- Upgradeable tokens where the proxy returns differently from the implementation are analyzed at the proxy level.
Related Detectors
- Unchecked ERC20 — unchecked return values
- Fee On Transfer — non-standard transfer behavior
- ERC-165 Spoofing — interface claim mismatches