Skip to main content
Ethereum & smart contracts

The ERC-20 Token Standard

Pomegra Learn

The ERC-20 Token Standard

The ERC-20 standard is arguably the most important innovation on Ethereum after the platform itself. It provides a universal blueprint for creating fungible tokens on the network. If Bitcoin is digital currency, ERC-20 is the standard that enabled thousands of projects to issue their own tokens, from stablecoins like USDC to DeFi governance tokens like Uniswap's UNI.

ERC stands for Ethereum Request for Comment, a proposal system for standardizing Ethereum improvements. ERC-20 specifically defines a set of rules and functions that a smart contract must implement to be recognized as a valid token. This standardization has been transformative—because wallets, exchanges, and applications all understand the ERC-20 interface, any ERC-20 token can instantly be sent, received, traded, and integrated into the broader ecosystem.

Why Standards Matter

Before ERC-20 was proposed in 2015, early Ethereum projects created tokens with custom smart contracts. Each contract had different function names, different ways of approving transfers, and different behavior. Developers building wallets or exchanges had to write custom code for each token. This fragmentation made the ecosystem difficult to use and prone to confusion.

ERC-20 solved this by creating a common interface. Every ERC-20 token contract has the same core functions and events. Once you understand one ERC-20 token, you understand how to interact with all of them. This standardization has enabled the explosive growth of the Ethereum token ecosystem.

The process began when Fabian Vogelsteller and Vitalik Buterin proposed the standard in late 2015. It was officially adopted as an Ethereum Improvement Proposal (EIP-20) and has since become the de facto standard for fungible token creation on Ethereum. Today, the vast majority of tokens on Ethereum are ERC-20 compliant.

Core Functions and Events

The ERC-20 standard requires smart contracts to implement six core functions and two events. Understanding these is essential to understanding how tokens work on Ethereum.

balanceOf(address) returns the token balance of a specific address. This function is read-only and doesn't require any gas beyond the standard call cost. It allows anyone to check how many tokens any address owns.

transfer(to, amount) allows the function caller to send tokens to another address. The sender's balance decreases and the recipient's balance increases. This function is the foundation of token ownership and movement.

approve(spender, amount) grants a specific address permission to transfer tokens on your behalf. This is a critical security function. Instead of requiring you to manually transfer tokens, you can authorize a smart contract to withdraw tokens when needed. For example, when you trade on a decentralized exchange, you first approve the exchange contract to spend your tokens, then the contract calls transferFrom to execute the swap.

allowance(owner, spender) checks how much a spender is authorized to transfer on behalf of an owner. If you approved a contract to spend 1,000 USDC, allowance would return 1,000 USDC for that contract.

transferFrom(from, to, amount) is called by approved addresses to transfer tokens on behalf of another user. The spender must have sufficient allowance. This function enables the delegation pattern essential for DeFi.

totalSupply() returns the total number of tokens in existence. For tokens with capped supplies (like Bitcoin, which has 21 million coins), this number is fixed. For uncapped tokens, it can change if the contract includes mint or burn functions.

The ERC-20 standard also mandates two events:

Transfer is emitted whenever tokens move from one address to another. Indexing these events allows applications to track transaction history and reconstruct the token's movement across the network.

Approval is emitted whenever an address grants or modifies allowance to a spender. This allows applications to monitor spending authorizations.

Token Metadata

While not strictly required by the ERC-20 standard, most tokens implement three additional functions for metadata:

name() returns the token's display name (e.g., "USDC Coin").

symbol() returns the token ticker (e.g., "USDC").

decimals() returns how many decimal places the token supports. Most tokens use 18 decimals like Ethereum itself, though USDC and USDT use 6. This matters because smart contracts work with integers; decimals tell applications how to convert between human-readable amounts and on-chain values.

For example, 1 USDC with 6 decimals is actually represented as 1,000,000 on-chain. If you send 1,000,000 units of a 6-decimal token, you've sent 1 token.

The Approval Pattern and Security Implications

The approve-then-transfer pattern is a distinctive feature of ERC-20 that enables powerful functionality but introduces a subtle security consideration.

When you interact with a DeFi protocol like a lending platform or DEX, you don't transfer tokens directly to the protocol. Instead, you approve it to spend tokens on your behalf. The protocol then calls transferFrom to pull the tokens as needed. This separation allows for more complex operations—you can approve once and execute multiple transactions using that allowance.

However, this creates a front-running opportunity. If you approve a spender for a certain amount and then call approve again with a different amount, a malicious spender could execute both approvals. For example, if you approve 100 tokens, then change your mind and approve 50 tokens, the contract could theoretically use the old 100-token allowance before it's reduced, then also use the new 50-token allowance.

Modern best practices address this through "infinite approval" (approving a very large number) or using safer approval functions that set the allowance to zero before setting a new amount. Many wallets and applications now use the permit pattern (EIP-2612), which allows atomic approval and spending in a single transaction, eliminating this race condition.

Key ERC-20 Tokens and Their Purposes

The ERC-20 standard has enabled an enormous variety of tokens, each serving different purposes.

Stablecoins like USDC, USDT, and DAI are ERC-20 tokens designed to maintain a stable value relative to the US dollar. USDC is issued by Coinbase and regulated as a stablecoin. USDT is issued by Tether and backed by cash reserves. DAI is algorithmic, maintained at $1 through economic incentives. These tokens serve as crucial bridges between traditional finance and DeFi.

Governance Tokens like Uniswap's UNI, Aave's AAVE, and Compound's COMP grant holders voting rights on protocol changes. Holders stake tokens to vote on proposals. These tokens have created a new governance model for decentralized protocols.

Utility Tokens like Chainlink's LINK serve specific functions within protocols. LINK holders can stake as price feed operators or use LINK to pay for data. The token's value directly relates to its utility.

Wrapped Tokens like Wrapped Bitcoin (WBTC) are ERC-20 representations of assets on other blockchains. 1 WBTC represents 1 Bitcoin held in custody. This allows Bitcoin to be used in Ethereum DeFi.

Creating Your Own ERC-20 Token

Creating an ERC-20 token is surprisingly simple. A basic implementation requires only a few hundred lines of Solidity code. You define a mapping to track balances, implement the required functions, and emit the proper events.

Most developers today use established libraries like OpenZeppelin, which provides thoroughly audited, battle-tested ERC-20 implementations. You inherit from their contract, define initial supply and parameters, and deploy. A simple token can be deployed in minutes.

However, simplicity is deceiving. Deploying a token with genuine utility requires careful consideration of tokenomics (total supply, distribution, vesting), regulatory compliance, and smart contract security. Tokens that gain significant value often require formal audits before launch to prevent exploits.

ERC-20 Token Operations

Evolution Beyond ERC-20

While ERC-20 remains dominant for fungible tokens, the Ethereum ecosystem has created improved standards addressing specific use cases.

ERC-777 attempts to improve upon ERC-20 by adding hooks for more advanced token behavior, but adoption has been limited due to complexity and security concerns.

ERC-1363 adds callback functions, allowing more direct contract-to-contract interaction than pure ERC-20.

ERC-4626 standardizes tokenized vaults for yield-bearing tokens, enabling better composability in DeFi.

For non-fungible assets, the ecosystem moved to ERC-721 (NFTs) and ERC-1155 (multi-token standard), which we explore in detail in subsequent sections.

How Smart Contracts Interact with ERC-20

Smart contracts can interact with any ERC-20 token by calling the standard functions. A DEX contract, for example, checks your token balance with balanceOf, accepts your approval with approve, and executes swaps with transferFrom.

This programmability is why ERC-20 is so powerful. Any new application can instantly work with all existing ERC-20 tokens without custom integration. You can send USDC, USDT, UNI, or any other ERC-20 token to the same address with the same wallet, using the same logic.

Gas Costs and Practical Considerations

Transferring ERC-20 tokens costs more gas than transferring ETH. A simple ETH transfer costs 21,000 gas; an ERC-20 token transfer typically costs 65,000 gas because the contract must update two address balances and emit an event.

Approvals cost similarly. Complex operations like swaps involving multiple token transfers and state changes can cost 100,000 to 300,000 gas or more. This is why gas optimization is critical for token-heavy applications.

Security and Common Pitfalls

ERC-20 has been deployed billions of times, making it a target for both accidental bugs and intentional exploits. Common pitfalls include:

Integer Overflow/Underflow: Early smart contracts didn't check whether arithmetic operations would exceed integer limits. Modern Solidity versions (0.8.0+) automatically check for these, but legacy code can be vulnerable.

Reentrancy: If a contract calls an external function and then updates its state, an attacker might call back into the contract before the state update completes, allowing double-spending. This vulnerability isn't specific to ERC-20 but is particularly dangerous in token contexts.

Improper Balance Checking: Some contracts accept tokens through the receive fallback function rather than proper transfer calls, leading to accounting errors.

These vulnerabilities have led to billions in losses across the DeFi ecosystem. Formal audits by reputable security firms have become essential before deploying significant token projects.

The Future of Token Standards

As Ethereum evolves, token standards continue improving. The adoption of Layer 2 solutions like Arbitrum and Optimism means tokens increasingly operate across multiple chains. Cross-chain token bridges introduce new security considerations and standards.

Future improvements may address privacy (partially anonymized transfers), better composability with smart contracts, and more efficient storage and retrieval. However, ERC-20 will likely remain the standard for fungible tokens on Ethereum for the foreseeable future due to its simplicity and nearly universal adoption.

Conclusion

The ERC-20 standard transformed Ethereum from an interesting experiment into a platform for thousands of projects. By defining a simple, universal interface for tokens, it enabled the explosion of DeFi, governance experiments, and tokenized finance. Understanding ERC-20 is essential for anyone interacting with modern Ethereum applications.

Whether you're trading tokens on a DEX, staking governance tokens, or building applications that interact with tokens, the ERC-20 standard is the foundation beneath your feet. Its elegance—simplicity combined with sufficient power for complex interactions—explains why it has endured and thrived for nearly a decade.

References