Hey, ruX is here.

DeFi: your tokens aren’t in your wallet

Crypto, and DeFi in particular, can be technically very complex, and a general audience can easily overlook how important it is to understand the technical implementation.

In colloquial language, people often say something like "I've got 10 USDT in my wallet" or "my wallet has 1M Shibu Dogs". It sounds normal and reassuring; we all know what it's like to have money in our pocket. As usual, it's not that simple once you look into the details.

Without a fundamental understanding of where tokens are actually stored, the risk of losing money grows. This is DeFi 101.


Note: the information in this article applies primarily to the EVM blockchains (Ethereum, Avalanche, Polygon, Gnosis, Fantom, etc.). On those chains, MetaMask is likely the wallet used to interact with the Dapps.


One might remember that when MetaMask starts for the first time, or when new tokens are received, the wallet interface doesn't display all the expected tokens. Naturally, many people freak out thinking their money got nicked. A quick search would reveal what's actually happening.

That's one of the implications of how ERC20 tokens work. Tokens aren't sitting in your MetaMask or Brave wallet. More than that, they don't live in your key or anywhere on your computer or mobile phone. Wallets don't "own" the tokens per se. The way it works is inside out: it's not that your wallet stores the ERC20 tokens, but that the ERC20 tokens keep your balance. These tokens aren't made of copper; they're actually programs (smart contracts) written in the Solidity language.

The way it works is inside out:
Your wallet doesn't own the ERC20 tokens, but ERC20 tokens keep and manage your balance.

Every interaction (get balance, transfer, etc.) with an ERC20 token is a call to that token's program, whether it's USDT or BAL. To display a token balance, MetaMask calls the token's smart contract and asks "what's the balance of wallet 0xabcdYOURWALLET?".

Let that sink in. ERC20 tokens are balance-manipulating programs.
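To make the "inside out" model concrete, here is an added toy model (my own illustration, not code from this post or from any real token): a minimal ERC20-style contract that keeps every holder's balance in its own storage, and a wallet that holds nothing but sends the contract ABI-encoded balanceOf / transfer calls. The two four-byte selectors are the real ones for those signatures; the addresses are constructed placeholders.

```python
# Added toy model (not from the original post): an ERC20-style contract
# that owns the balances, and a wallet that only asks it questions.
# Selectors are the real first 4 bytes of keccak256(signature).
BALANCE_OF_SELECTOR = bytes.fromhex("70a08231")  # balanceOf(address)
TRANSFER_SELECTOR = bytes.fromhex("a9059cbb")    # transfer(address,uint256)

def encode_address(addr: str) -> bytes:
    """ABI-encode a 20-byte hex address as a left-padded 32-byte word."""
    raw = bytes.fromhex(addr[2:] if addr.startswith("0x") else addr)
    if len(raw) != 20:
        raise ValueError("address must be 20 bytes")
    return raw.rjust(32, b"\x00")

def encode_uint256(value: int) -> bytes:
    return value.to_bytes(32, "big")

class ToyERC20:
    """The 'program' that keeps each holder's balance in contract storage."""

    def __init__(self, initial_holder: str, supply: int):
        self.balances = {initial_holder.lower(): supply}  # the only ledger

    def call(self, caller: str, calldata: bytes) -> bytes:
        selector, args = calldata[:4], calldata[4:]
        if selector == BALANCE_OF_SELECTOR:
            owner = "0x" + args[12:32].hex()  # address sits in the low 20 bytes
            return encode_uint256(self.balances.get(owner, 0))
        if selector == TRANSFER_SELECTOR:
            to = "0x" + args[12:32].hex()
            amount = int.from_bytes(args[32:64], "big")
            sender = caller.lower()
            if self.balances.get(sender, 0) < amount:
                raise ValueError("insufficient balance")  # the contract reverts
            self.balances[sender] -= amount
            self.balances[to] = self.balances.get(to, 0) + amount
            return encode_uint256(1)  # ABI-encoded `true`
        raise ValueError("unknown function selector")

def wallet_balance(token: ToyERC20, wallet: str) -> int:
    """What a wallet UI does to show a balance: query the contract, store nothing."""
    calldata = BALANCE_OF_SELECTOR + encode_address(wallet)
    return int.from_bytes(token.call(wallet, calldata), "big")

def wallet_transfer(token: ToyERC20, sender: str, to: str, amount: int) -> bool:
    """Signed with the sender's key, but the balances change inside the contract."""
    calldata = TRANSFER_SELECTOR + encode_address(to) + encode_uint256(amount)
    return token.call(sender, calldata) == encode_uint256(1)
```

Note that the wallet objects never hold a number: deleting MetaMask, or moving the key to another device, changes nothing in `ToyERC20.balances`, which is exactly why the tokens "reappear" once the wallet knows which contract to ask.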

What are the implications of ERC20 design?

There are lots of things to consider, from usability (hello, token autodetection!) all the way to broad opportunities for scams. These ERC20 token contracts are just programs, written by humans. Literally anyone (that's the point of a permissionless blockchain!) can code a token that exhibits a specific behaviour.

People are very different, and not all of them play fair.

Some common scams:

Why is ERC20 so badly designed?

Ethereum was the first general-purpose blockchain for Dapps, and honestly I think they did well. For MEV I work with lots of protocols, and I'm still impressed by how well the Ethereum team designed this most fundamental building block of the DeFi lego. It seems to cover 95% of the functionality required for everyday operations with tokens. So I'd rather disagree with the haters on the Internet.

Could it be better? Totally. The community is offering different solutions to address the existing pain points, for example EIP-777.

Stay safe in the wild DeFi jungle.
