Coinbase security engineer Nadir Akhtar spoke about the technical factors that ERC20 tokens must meet to be placed on the platform.
Nadir Akhtar named four characteristics that issuers’ tokens should have when they want to list their assets on Coinbase. This is the presence of verified source code using libraries that comply with industry standards limited options for privileged members and simple and modular design.
Akhtar explained that the source code of the token contract must be verified, and this requirement is paramount for listing. The engineer recommended that developers upload the source code for all smart contracts to trusted platforms, including Etherscan and the Github repository.
Second, to create ERC-20 tokens, developers need to use open standards for smart contracts and not write the entire contract code from scratch. Otherwise, important details can be overlooked, which could compromise the integrity of the token. According to a Coinbase engineer, the OpenZeppelin smart contract repository can be used for this purpose.
Third, smart contracts for ERC-20 tokens should include restrictions for administrators and other privileged users. If the smart contract allows you to suspend transactions, change balances, or completely change the logic of the token, this greatly reduces the likelihood of a token being listed on Coinbase.
Finally, to avoid any complications, token protocols should be simple and modular in design.
In addition, Coinbase security engineer said that external audits, detailed technical documentation, code compliance with the updated version of the Solidity language, and comprehensive tools for early error detection are equally important. Akhtar stressed that audits of smart contracts are very important, because even one bug can lead to losses in millions of dollars.
“If you follow these security principles when developing tokens, you can create an open financial system with a high level of security,” wrote a Coinbase engineer.
As a reminder, the DeFi YAM Finance project was closed last week. The startup began an ICO, which raised about $ 76 million, without going through an audit. Less than two days later, YAM Finance closed due to a critical error in the smart contract code.