Known non-standard ERC20 tokens

The following tokens are known to be non-standard ERC20 tokens. They may have additional risks that must be covered.

Missing Revert

These tokens do not revert when a transfer fails, e.g. due to missing funds. Protocols that integrate these tokens must include a check for the transfer function's returned boolean success status and handle the failure case appropriately.

Transfer Hooks

These tokens include ERC777-like transfer hooks. Protocols that interact with tokens that include transfer hooks must be extra careful to protect against reentrant calls when dealing with these tokens, because control is handed back to the caller upon transfer. This can also affect cross-protocol reentrant calls to view functions.

Missing Return Data / Transfer Success Status

These tokens do not return any data from the external call when transferring tokens. Protocols using an interface that specifies a return value when transferring tokens will revert. Solidity includes automatic checks on the return data size when decoding return values of an expected size.

Permit No-op

Does not revert when calling permit. Protocols that use EIP-2612 permits should check that the token allowance has increased or is sufficient. See Multichain's incident.

Additional Non-standard Behavior

Additional non-standard token behavior that could be problematic includes:

• fee on transfers
• upgradeable contracts (USDC)
• tokens with multiple address entry-points to the same accounting state
• non-standard decimals (USDC: 6)
• non-standard permits (DAI)
• do not reduce allowance when it is the maximum value
• do not require allowance for transfers from self
• revert for approval of large amounts >= 2^96 < 2^256 - 1 (UNI, COMP)

Refer to d-xo/weird-erc20 for additional non-standard ERC20 tokens.