Concepts
Token Pair
The x/erc20
module maintains a canonical one-to-one mapping of native Cosmos Coin denomination to ERC20 Token contract addresses (i.e sdk.Coin
←→ ERC20), called TokenPair
. The conversion of the ERC20 tokens ←→ Coin of a given pair can be enabled or disabled via governance.
Token Pair Registration
Users can register a new token pair proposal through the governance module and initiate a vote to include the token pair in the module. Depending on which exists first, the coin or the token, you can either register a Cosmos Coin or a ERC20 Token to create a token pair.
When the proposal passes, the erc20 module registers the Cosmos Coin and ERC20 Token mapping on the application's store.
Registration of a Cosmos Coin
A native Cosmos Coin corresponds to an sdk.Coin
that is native to the bank module. It can be either the native staking/gas denomination (eg: BCX, ATOM, etc) or an IBC fungible token voucher (i.e with denom format of ibc/{hash}
).
When a proposal is initiated for an existing native Cosmos Coin, the erc20 module will deploy a factory ERC20 contract, representing the ERC20 token for the token pair, giving the module ownership of that contract.
Registration of an ERC20 token
A proposal for an existing (i.e already deployed) ERC20 contract can be initiated too. In this case, the ERC20 maintains the original owner of the contract and uses an escrow & mint / burn & unescrow mechanism similar to the one defined by the ICS20 - Fungible Token Transfer specification. The token pair is composed of the original ERC20 token and a corresponding native Cosmos coin denomination.
Token details and metadata
Coin metadata is derived from the ERC20 token details (name, symbol, decimals) and vice versa. A special case is also described below that for the ERC20 representation of IBC fungible token (ICS20) vouchers.
Coin Metadata to ERC20 details
During the registration of a Cosmos Coin the following bank Metadata
is used to deploy a ERC20 contract:
Name
Symbol
Decimals
The native Cosmos Coin contains a more extensive metadata than the ERC20 and includes all necessary details for the conversion into a ERC20 Token, which requires no additional population of data.
IBC voucher Metadata to ERC20 details
IBC vouchers should comply to the following standard:
Name:
{NAME} channel-{channel}
Symbol:
ibc{NAME}-{channel}
Decimals: derived from bank
Metadata
ERC20 details to Coin Metadata
During the Registration of an ERC20 Token the Coin metadata is derived from the ERC20 metadata and the bank metadata:
Description:
Cosmos coin token representation of {contractAddress}
DenomUnits:
Coin:
0
ERC20:
{uint32(erc20Data.Decimals)}
Base:
{"erc20/%s", address}
Display:
{erc20Data.Name}
Name:
{types.CreateDenom(strContract)}
Symbol:
{erc20Data.Symbol}
Token Pair Modifiers
A valid token pair can be modified through several governance proposals. The internal conversion of a token pair can be toggled with ToggleTokenConversionProposal
, so that the conversions between the token pair's tokens can be enabled or disabled.
Token Conversion
Once a token pair proposal passes, the module allows for the conversion of that token pair. Holders of native Cosmos coins and IBC vouchers on the Evmos chain can convert their Coin into ERC20 Tokens, which can then be used in BlockX EVM, by creating a ConvertCoin
Tx. Vice versa, the ConvertERC20
Tx allows holders of ERC20 tokens on the BlockX chain to convert ERC-20 tokens back to their native Cosmos Coin representation.
Depending on the ownership of the ERC20 contract, the ERC20 tokens either follow a burn/mint or a transfer/escrow mechanism during conversion.
Malicious Contracts
The ERC20 standard is an interface that defines a set of method signatures (name, arguments and output) without defining its methods' internal logic. Therefore it is possible for developers to deploy contracts that contain hidden malicious behavior within those methods.
For instance, the ERC20 transfer
method, which is responsible for sending an amount
of tokens to a given recipient
could include code to siphon some amount of tokens intended for the recipient into a different predefined account, which is owned by the malicious contract deployer.
More sophisticated malicious implementations might also inherit code from customized ERC20 contracts that include malicious behavior. For an overview of more extensive examples, please review the x/erc20 audit, section IF-EVMOS-06: IERC20 Contracts may execute arbitrary code
.
As the x/erc20
module allows any arbitrary ERC20 contract to be registered through governance, it is essential that the proposer or the voters manually verify during voting phase that the proposed contract uses the default ERC20.sol implementation.
Here are our recommendations for the reviewing process:
contract solidity code should be verified and accessible (e.g. using an explorer)
contract should be audited by a reputable auditor
inherited contracts need to be verified for correctness
Last updated