Coinbase explains how it evaluates ERC-20 tokens for listing
2 min readCrypto exchange Coinbase has explained what technical factors it looks into before deciding to list an ERC-20 tokens on its trading platforms.
The ERC-20 token standard has become the most widely used way of issuing digital assets and assigning cryptocurrency or blockchain protocol voting rights to Ethereum blockchain (ETH), the world’s largest platform for building decentralized applications (dApps).
In a blog post published Monday, Nadir Akhtar, a blockchain security engineer at Coinbase, listed four qualities that each ERC-20 token should possess: Verified source code, industry-standard library use, limited scope for privileged roles, and simple and modular design.
Firstly, the token’s source code should be verified, said Akhtar. “This is the most important step to getting a token listed.”
Akhtar has suggested that developers should upload the source code for all smart contracts to a “reliable” platform, such as Etherscan. If the code is not yet deployed, it should be added to an easily shareable repository, such as GitHub, he said.
Secondly, developers should use open-source smart contract standards to develop ERC-20 tokens, according to Akhtar. It means developers should avoid writing smart contract code from scratch because they can miss a crucial detail, “compromising the integrity of the token.”
This is due to the numerous hacks in the crypto space that are the result of badly written code. One wrong line of code is enough to completely shut down the platform and lead to large losses for users, as we saw recently, for example, with the Yam protocol, which dropped to zero in 35 minutes.
Akhtar recommended using popular and “well-vetted” standards, such as OpenZeppelin’s repository of smart contracts.
Thirdly, ERC-20 tokens’ smart contracts should have limited privileged or “admin” roles, said Akhtar. “These roles can wield significant power, such as pausing transactions, modifying balances, or completely changing the token’s logic,” which reduces the likelihood of listing the token on Coinbase.
Lastly, tokens’ protocols should have “simple” and “modular” design to avoid complexities, said the security engineer.
Besides the above listed four factors, Coinbase also looks into factors such as external audits, thorough documentation, up-to-date Solidity language versions, and comprehensive test suites of ERC-20 tokens to catch bugs early.
External audits of smart contracts are especially important, said Akhtar, since their failures can cost “millions of dollars.”
“By developing tokens with these security best practices in mind, the path towards building an open financial system becomes much safer,” Akhtar concluded.
